Services that can start by default policy feedback

Matthew Garrett mjg59 at
Thu Feb 24 18:32:44 UTC 2011

On Thu, Feb 24, 2011 at 05:59:33PM +0100, Till Maas wrote:
> On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote:
> > And once you've got a default set for the default install, why not just 
> > do it at the package level and ensure some level of consistency?
> Because by enabling lots of potential vulnerable services you make it a
> PITA to use Fedora securely. A proper way would be to have some system
> setting to specify whether or not non-essential services require
> explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a
> variable that one can set to true, which ensures that all not explicitly
> enabled services won't be enabled.

There are no essential services, which means any proposal that contains 
the phrase "non-essential services" is already unimplementable.

Matthew Garrett | mjg59 at

More information about the devel mailing list