Fri, 2007-01-12 at 09:40 -0300, Horst H. von Brand wrote:
> Inside each of those maybe some questions like:
> [ ] password for X
> [ ] typical configuration { A or B or ... } for Y
> ... (other choices, you get the gist I hope)
Hum... I'd go for "Installed, but disabled by default." (or whatever is the
fail-safe option, i.e. SELinux enabled, no root login except on the
console, ...) + "To set up for X do Y" type documentation here. Presumably
they know what they are doing, and their setup most probably won't fit any
"standard". Nice side effect is that it is simpler that way ;-)
I'd prefer that too, but I used "maybe" with a particular intention, you
might predict some simple scenarios which are easy to have a generic
default config (like a simple MTA on the localhost for sending email
outside).
> Configurations:
> Secure by default
> * no default passwords
> * no service shall start automatically unless it can
> have a secure default configuration
> * root only by sudo, but without direct access to a
> shell (for improved audit-ability)
> * selinux activated
> ... (other choices, you get the gist I hope)
Just one option is simpler
These aren't supposed to be options, I meant choices as in choices of
things to configure by default.
, and so harder to screw up upstream (this is
critical),
Many projects have HORRIBLE configurations by default (JBoss and Tomcat
for instance). I'm not sure they're inclined to solve it upstream, and
it's a true PITA to configure such systems in a PCI:DSS (for VISA)
compliant form, for instance.
and gives people time to look at the various pieces having the
full documentation (and web access, etc) at hand. This is one of my gripes
about the installation process: You have to decide on stuff without data,
and either you decide right now or you can't go on.
I usually define it with kickstart ;)
Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?