What I HATE about F11
Casey Dahlin
cdahlin at redhat.com
Mon Jun 15 18:47:15 UTC 2009
On 06/14/2009 02:08 PM, Lennart Poettering wrote:
> Gah. Allowing packages to pierce the firewall just makes the firewall
> redundant.
>
Not true. Allowing any listening program to poke a hole in the firewall would make it redundant. Packages are different. They're signed, vetted things corresponding to real functionality the user wants.
The problem that does arise is: just because apache is installed doesn't mean its running. Really, init scripts should open the firewall ports they need when their service comes up (and I'll propose something for upstart 1.0 later today to make that make more sense.)
--CJD
More information about the devel
mailing list