Default services enabled
Reindl Harald
h.reindl at thelounge.net
Fri Aug 19 14:59:57 UTC 2011
Am 19.08.2011 16:50, schrieb Richard Hughes:
> On 19 August 2011 13:35, Steve Grubb <sgrubb at redhat.com> wrote:
>> All security guidance says turn off or get rid of avahi. We really don't want to
>> require it just to print.
>
> Then "security" is flying in the face of usability
this is always so, nearly everything what somebody calls usability
has implications in security - and that is why linux should not go
only the "usability-way" for every piece instead make a secure default
install - if you need avahi you can install/enable it, but do not
force every body out there have it installed only because it makes
it easier for every braindead guy set up a system without thinking
if you need such a system Apple is your favorite because they enable
everything without thinking any second if this could affect security
resulting in having every crap installed and active
especially as long fedora have really usability bugs like
"systemctl start/stop service"
gives no feedback and the dumb wrapper for "/sbin/service" says
OK even if all fails and THIS are usability faux passes without
negative security implications or in worstcase if you start
a service with increases security with "service start" you
are thinking it is running while it has failed
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 262 bytes
Desc: OpenPGP digital signature
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110819/d701186b/attachment.bin
More information about the devel
mailing list