]] Christoph Anton Mitterer

(Please respect my mail-followup-to, there's no need to Cc me on lists which I read. It'd also make your mails more readable if you leave a blank line between what you quote and your reply.)

| On Sat, 2010-05-15 at 09:04 +0200, Tollef Fog Heen wrote:
| > You can make that argument for just about all the daemons that are
| > shipped in the distro.
|
| Yes :)

Taking your line of arguments to its extreme conclusion, we should neuter all daemons so they just exit(0) and the admin has to work out what's wrong and fix it, since that'll be more secure as you can't exploit any bugs they have, given they're not running.

While a system that's powered off, disconnected, covered in concrete and guarded by well-paid and armed guards is fairly secure, its functionality is also fairly close to zero. I'd much rather have a functional system that's slightly less secure. If you'd rather have something more secure and (IMO) less functional, I suggest you run OpenBSD rather than Debian.

| > Should ssh not start by default or just listen
| > to localhost for instance?
|
| Personally,... I'd prefer the listen to localhost only (per default)
| solution.

I have trouble taking such a suggestion seriously.

| But I'm aware that such behaviour is probably disliked by the majority.
|
| Nevertheless,... when installing openssh-server,... you're already
| actively deciding to do so...

Not necessarily. Maybe you're just installing convirt to manage your Xen hosts. Or rancid, to manage your Cisco routers.

Actions have side effects. If you're not paying attention to the side effects of admin decisions, then well, you'll make stupid mistakes sooner or later. Usually sooner.

| But the 002 would be shipped per default...

Yes, and you'd have to actively do something stupid (put other users into a private group) to make this be a problem of any kind.

| > Me, I'd rather we stopped shipping /etc/default/* files with
| > ENABLE=NO and similar silliness – if you want to disable a daemon
| > (or it should not be enabled by default), put that information into
| > the Default-Start LSB header or kill the S rcN.d links/make them
| > into K links.
|
| Well but that's just a technical issue on how to enable/disable things,
| isn't it?

No, it breaks the assumption that /etc/init.d/foo start will actually start the daemon.

-- 
Tollef Fog Heen
UNIX is user friendly, it's just picky about who its friends are