Klaus Ethgen <[EMAIL PROTECTED]> writes: > I have a another: > > Am Do den 11. Jan 2007 um 23:14 schrieb Roger Leigh: >> a) Every package calling update-inetd should call it twice; once for >> IPv4, and again for IPv6. This would require all packages to be >> updated. >> b) update-inetd should default to creating both unless explicitly told >> not to. This has the advantage of being transparent. > > c) update-inetd should default to creating none unless explicitly told > to. This has the advantage of staying secure if a dau admin install a > package accidentally.
This would not square with the current practice of defaulting to a secure but functional service when you install a package. If you didn't want to run it, you wouldn't install it. The admin always has the option of commenting it out. I've been exposed to using Fedora recently, which takes the approach you suggest of requiring explicit enabling of *everything*, and it's a complete pain. Trying to discover the thing to tweak to get a daemon to work is rather annoying; intentionally "crippling" a package by default is not IMO the way to go. Regards, Roger -- .''`. Roger Leigh : :' : Debian GNU/Linux http://people.debian.org/~rleigh/ `. `' Printing on GNU/Linux? http://gutenprint.sourceforge.net/ `- GPG Public Key: 0x25BFB848 Please GPG sign your mail.
pgpIuyhFtZbqL.pgp
Description: PGP signature
