Services that can start by default policy feedback

Till Maas opensource at till.name
Thu Feb 24 21:25:44 UTC 2011


On Thu, Feb 24, 2011 at 06:32:44PM +0000, Matthew Garrett wrote:
> On Thu, Feb 24, 2011 at 05:59:33PM +0100, Till Maas wrote:
> > On Thu, Feb 24, 2011 at 03:04:26PM +0000, Matthew Garrett wrote:
> > 
> > > And once you've got a default set for the default install, why not just 
> > > do it at the package level and ensure some level of consistency?
> > 
> > Because by enabling lots of potential vulnerable services you make it a
> > PITA to use Fedora securely. A proper way would be to have some system
> > setting to specify whether or not non-essential services require
> > explicit enabling, e.g. a file in /etc/sysconfig/initscripts file with a
> > variable that one can set to true, which ensures that all not explicitly
> > enabled services won't be enabled.
> 
> There are no essential services, which means any proposal that contains 
> the phrase "non-essential services" is already unimplementable.

For me essential services are the services that are required to start
other services. If there are no services required to boot Fedora, login
as root and start other services, then I do not see any point of
requiring services to be enabled by default.

Regards
Till
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 836 bytes
Desc: not available
Url : http://lists.fedoraproject.org/pipermail/devel/attachments/20110224/bcfc2252/attachment.bin 


More information about the devel mailing list