Services that can start by default policy feedback

Till Maas opensource at
Thu Feb 24 16:59:33 UTC 2011

On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote:

> And once you've got a default set for the default install, why not just 
> do it at the package level and ensure some level of consistency?

Because by enabling lots of potential vulnerable services you make it a
PITA to use Fedora securely. A proper way would be to have some system
setting to specify whether or not non-essential services require
explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a
variable that one can set to true, which ensures that all not explicitly
enabled services won't be enabled.

It is pretty easy to notice that a wanted service does not run compared
to notice that an unwanted/unused service suddenly runs, because an
innocent looking package has been installed. This is a trap that is
usually set on Debian systems which everyone I know who uses Debian

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : 

More information about the devel mailing list