On Thu, Sep 25, 2003 at 11:12:28AM +1200, Steve Wray wrote: > > At high security levels, any new services that get installed (from RPMs) > are only allowed from localhost or even, IIRC, services may not even > be started by default, neither post-install nor on reboot: you have to > set them up manually.
We can see it the other way: why bother the user with the details of running a service if the clued ones can easily stop or disable the installed daemons until they are configured properly? Since Debian claims to be security conscious, the choice should be obvious. In this respect, the habit of the postinstall scripts of launching daemons after asking a few simple questions has always appeared at least controversial to me. One of you have suggested introducing a new configuration variable in /etc/default which would tell postinst whether it is to operate fully automagically. The approach brings up interesting questions about the case of upgrading an already running service, but they should probably be discussed elsewhere. Not being part of the community I'm satisfied with the current situation just as well. Conversely, I recommend taking the simple not-to-start-anything strategy unconditionally, which might decrease the respect on behalf of the less experienced user, but may call for applause from others. bit, adam -- 1024D/37B8D989 954B 998A E5F5 BA2A 3622 82DD 54C2 843D 37B8 D989 finger://[EMAIL PROTECTED] | Some days, my soul's confined http://www.keyserver.net | And out of mind Sleep forever
