Services that can start by default policy feedback
Matthew Garrett
mjg59 at srcf.ucam.org
Thu Feb 24 18:32:44 UTC 2011
On Thu, Feb 24, 2011 at 05:59:33PM +0100, Till Maas wrote:
> On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote:
>
> > And once you've got a default set for the default install, why not just
> > do it at the package level and ensure some level of consistency?
>
> Because by enabling lots of potential vulnerable services you make it a
> PITA to use Fedora securely. A proper way would be to have some system
> setting to specify whether or not non-essential services require
> explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a
> variable that one can set to true, which ensures that all not explicitly
> enabled services won't be enabled.
There are no essential services, which means any proposal that contains
the phrase "non-essential services" is already unimplementable.
--
Matthew Garrett | mjg59 at srcf.ucam.org
More information about the devel
mailing list