Minutes/Summary from today's FESCo meeting (2011-02-02)
"Jóhann B. Guðmundsson"
johannbg at gmail.com
Wed Feb 2 23:14:09 UTC 2011
On 02/02/2011 10:14 PM, Bill Nottingham wrote:
> Also, something has to happen when the packages are installed...
Hum not following here as in why is there a need for something to happen
beside the packaging getting installed?
I would think that the same thing would apply here all services off so
the user can shoot himself in the foot instead of us doing it for him.
For an example how many of those services do we ship that the end user
does not need to configure something like config file firewall etc.
before starting the service?
If he has the configuration know how to configure those services I think
is safe to assume that he has the required knowledge to start the
service by himself ;)
I think that at least any service that would potentially be exposed to
the network/internet/world should be turned off.
For example consider how it affects the overall security of the user
instalment if we accidentally would ship a bad iptables update that
would result in iptables being turned off? ( Goes without saying that if
you aren't exposing anything to the internet you don't need iptables )
How secure/correctly configured are those service by default encase that
I would think that anything we as an distribution have the
responsability that anything we expose network/internet/world in general
is as correctly/securely configured as possible when we hand that
service to the end user what he does with it after he receives it is his
Just a few pointers to keep in mind...
> everything is a live spin. The live spins can, of course, adjust what
> they need to.
More information about the devel