On to, 2011-03-03 at 12:47 +0100, Bastien ROUCARIES wrote: > some package announce their existance to the world without any admin decision! > It is not a fud and a security hole!
That's a vague generality... which packages? You mentioned phpmyadmin. What are the actual problems that results from this announcement? What bad things happen from it? Can the fact that you have phpmyadmin become known to an attacker via port scanning, or similar techniques? If so, does it matter if phpmyadmin also announces things via avahi? What do you suggest as a solution? Would a blanket policy of having all services to default to not announce themselves? What would the problems from such a policy be? (I don't know much about this stuff, and I don't particularly care, but it'd be nice if we could turn the discussion into a constructive one.) -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/1299154617.2561.23.camel@tacticus
