Hi Bernhard, On Sun, Jun 03, 2012 at 01:51:33PM +0200, Bernhard R. Link wrote: > * Toni Mueller <t...@debian.org> [120603 11:41]: > > Since we obviously can't agree on *how* the service is to be run, one > > could just ask the user, eg., in the case of a printing service: > The print servers I looked at did not allow remote access by default > since somewhen in the 90ties.
I was only cobbling together an example for the mechanism for asking the user I had in mind. Office stuff is not my usual realm of work, and printing services are office stuff. > What has slapd to do with samba and why don't you want it run? Since you were talking about samba, and since LDAP is the standard network-wide address book mechanism usually in place, I consider slapd a standard office ingredient like samba (I've used it for different purposes for several years, but decided to part with it). As stated, the reason why a stock slapd installation is not that useful, is that it is extremely hard to do some schema chances, should you have the need for them, after the database has been installed, and that ACLs and such are outside of the realm of the package installation. So if you need one of a non-standard schema, a custom ACL, or something else, like replication, you are (afair) out of luck with just the debconf-powered postinst, and need to hand-tune the configuration. Running with the default database is at least a nuisance in this situation. > actually I'd be quite confused if slapd had not been already running > after installing... Huh??? > Sorry, you have to explain this. Do you claim apache has a security > concern in its default config? No, but for me, it has a usability problem in the default config. But then, I'm doing away with it as best as I can, anyway. > That I do not have to do it? Either I have copied the config first or > for a full install that will get a reboot anyway when deployed. The common case is probably more like "I want service X, now I install the package and see how I can configure it to suit my needs." In the meantime, one has to prevent the service from doing anything unwanted. If you have a config before installing the software, we are talking about a completely different use case that would likely include a lab setup as well. I don't ask that Debian be optimized for that case. > > Asking the unwitting user and providing a default answer of 'yes' should > > solve the problem, imho - the slightly more experienced user can then > > at least opt for 'no'. > > That's called policy.d. (though I feel like repeating others here). Thanks for pointing it out. I'll take a look. Kind regards, --Toni++ -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20120603210052.gc18...@spruce.wiehl.oeko.net
