]] Christoph Anton Mitterer

| > Judging from the changelog of portmap, there's been a *lot* of discussion
| > and angst over this decision over the years, and it wasn't one that was
| > made easily. I think you're overstating this a bit as an example of a bad
| > direction.
|
| Yes,.. but why "opening" something which does not need to be "open".
| If a user/admin really needs it, he'll see that something does not work,
| find out why, and then enables/opens it.... but _only_ if it's really
| required.

You can make that argument for just about all the daemons that are shipped in the distro. Should ssh not start by default or just listen to localhost for instance? The admin will notice it's not started and start it. Ditto for, say, asterisk, should it only listen on loopback? If you're installing server daemons, I don't see why you expect them to not listen to network interfaces.

If you're uncomfortable with that, drop an iptables rule on all your systems that sets a default policy of DROP for incoming and outgoing traffic and just whitelist what you care about.

Anything that's so buggy that it because of security needs to listen to loopback only by default is IMO so buggy we shouldn't ship it at all.

Me, I'd rather we stopped shipping /etc/default/* files with ENABLE=NO and similar silliness – if you want to disable a daemon (or it should not be enabled by default), put that information into the Default-Start LSB header or kill the S rcN.d links/make them into K links.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are
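
The default-DROP-plus-whitelist policy suggested in the message above, as an added example that is not part of the original post: a shell function that prints an `iptables-restore` ruleset without applying it. The function names, the TCP-only whitelist and the sample ports are assumptions made for illustration.

```shell
#!/bin/sh
# Added example: emit an iptables-restore ruleset with default DROP on
# INPUT, OUTPUT and FORWARD, plus a whitelist. Nothing is applied here;
# review the output, then pipe it to `iptables-restore` as root.

# valid_port PORT -> exit status 0 if PORT is an integer in 1..65535
valid_port() {
    case "$1" in
        ''|*[!0-9]*) return 1 ;;
    esac
    [ "$1" -ge 1 ] && [ "$1" -le 65535 ]
}

# gen_rules "IN_PORTS" "OUT_PORTS"   (hypothetical helper)
# IN_PORTS:  space-separated TCP ports local daemons may accept on
# OUT_PORTS: space-separated TCP ports the host may connect out to
gen_rules() {
    # Validate everything first so a bad entry produces no partial ruleset.
    for p in $1 $2; do
        valid_port "$p" || { echo "invalid port: $p" >&2; return 1; }
    done
    echo '*filter'
    echo ':INPUT DROP [0:0]'
    echo ':FORWARD DROP [0:0]'
    echo ':OUTPUT DROP [0:0]'
    # Loopback stays open so daemons bound to localhost keep working.
    echo '-A INPUT -i lo -j ACCEPT'
    echo '-A OUTPUT -o lo -j ACCEPT'
    # Replies belonging to connections that were already allowed.
    echo '-A INPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    echo '-A OUTPUT -m conntrack --ctstate ESTABLISHED,RELATED -j ACCEPT'
    for p in $1; do
        echo "-A INPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    for p in $2; do
        echo "-A OUTPUT -p tcp --dport $p -m conntrack --ctstate NEW -j ACCEPT"
    done
    echo 'COMMIT'
}

# Constructed sample: accept ssh (22); allow outbound HTTP/HTTPS (80, 443).
# DNS (UDP 53) is not whitelisted, so name resolution would be blocked.
gen_rules "22" "80 443"
```

With this policy a newly installed daemon that listens on all interfaces stays unreachable from the network until its port is added to the first argument.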