I wasn't going to jump in on this thread/flamewar, but since I have been bouncing on D in the mailer a lot more than normal the last couple days, I feel like one more post won't hurt... so here's two cents worth.
First, I want to encourage list posters in the future to reconsider voicing their opinions about non-Debian distributions and Microsoft on this list. I think it is possible to discuss sound security without bringing up a *BSD or slagging Microsoft. The initial question of "What are these strange GETs in my Apache logs" has a simple answer. Asked and answered-- the further relevance to Debian is dubious. Buried in the mess of emails was at least one good comment about how Apache is installed on Debian, and it's this topic that I want to comment on. Having just installed apache on a laptop so I could do some development work when off-network, I was surprised (for some reason) to find the service not only started up immediately, but also restarted after reboot. I don't know why I was surprised, except that it had been a while since I installed a service of any type using a package. Maybe I was surprised because almost nothing else I've ever done on Debian has been quite that easy. ;) Similarly, after a recent apt-get dist-upgrade (intended to grab security updates only, so should I remove the non security.debian.org URLs from /apt/sources?) on my firewall box, I somehow managed to get all of X windows installed and a copule of services I didn't want installed AND started AND added to /etc/rc*.d. Thankfully X windows still requires "startx" to get going, but the services (junkbuster and wwwoffle) were just there. And while reboots on that machine are limited to power outages, it's still extra work to administer that stuff into the 'off' position. To me the lack of warnings or configurability during an apt-get install for a service is a questionable practice. It would be nice if the apache install had at least asked "Do you want to start this service immediately?" and "Do you want to start this service on reboot?". Then I would have been informed of the status of the service during install. Similar questions during dist-upgrade would have informed me that those packages (looking harmless enough in the long list of "you are about to install"s) actually were services, and would have at least allowed me to keep them from starting, if not installing. -michael [EMAIL PROTECTED]
