Minutes/Summary from today's FESCo meeting (2011-02-02)

"Jóhann B. Guðmundsson" johannbg at gmail.com
Wed Feb 2 23:14:09 UTC 2011


On 02/02/2011 10:14 PM, Bill Nottingham wrote:
> Also, something has to happen when the packages are installed...

Hum, not following here, as in why is there a need for something to happen 
besides the packaging getting installed?

I would think that the same thing would apply here: all services off, so 
the user can shoot himself in the foot instead of us doing it for him.

For example, how many of those services do we ship where the end user 
does not need to configure something, like a config file, firewall etc., 
before starting the service?

If he has the configuration know-how to configure those services, I think 
it is safe to assume that he has the required knowledge to start the 
service by himself ;)

I think that at least any service that would potentially be exposed to 
the network/internet/world should be turned off.

For example, consider how it affects the overall security of the user's 
installation if we accidentally shipped a bad iptables update that 
would result in iptables being turned off? (Goes without saying that if 
you aren't exposing anything to the internet you don't need iptables.)

How secure/correctly configured are those services by default in case that 
happens?

I would think that we as a distribution have the responsibility that 
anything we expose to the network/internet/world in general 
is as correctly/securely configured as possible when we hand that 
service to the end user; what he does with it after he receives it is his 
responsibility.

Just a few pointers to keep in mind...

>   not
> everything is a live spin. The live spins can, of course, adjust what
> they need to.
>

Certainly

JBG

