Accidentally enabled service after update from F16 to F17 - solutions?
sochotnicky at redhat.com
Thu Jun 14 14:19:55 UTC 2012
Quoting Michal Schmidt (2012-06-14 15:10:56)
> On 06/14/2012 02:59 PM, Stanislav Ochotnicky wrote:
> > +%triggerun -- jetty < 8.1.2-9
> You already have one triggerun for jetty in the spec:
> %triggerun -- jetty < 8.1.0-3
> You're likely to hit this RPM bug:
I guess this in itself solves the problem for us. We can't fix user
systems properly ergo...
> > +/bin/systemctl --no-reload disable jetty.service >/dev/null 2>&1 ||:
> > +/bin/systemctl --no-reload stop jetty.service >/dev/null 2>&1 ||:
> > This trigger will do following:
> > If we are updating from previous releases, we disable the service and
> > stop it if it's running
> I dislike this, because:
> - You'd just break some users' systems for the sake of a different
> subset of users.
> - Some breakage during distribution upgrade is more tolerable than
> breakage within regular updates.
Well not anymore, I'll just describe it in the bodhi update.
> Is a running jetty really _that_ dangerous? Why do we ship it at all
> then? ;-)
Why do we ship Apache, tomcat and tens (hundrets?) of other useful
packages? Jetty unlike most packages _is_ remotely accessible so the
attack surface is rather large.
If you wrote that in a jest, then sorry but I don't take my mistake that
could compromise security of Fedora's users that lightly.
Stanislav Ochotnicky <sochotnicky at redhat.com>
Software Engineer - Base Operating Systems Brno
Red Hat Inc. http://cz.redhat.com
More information about the devel