Accidentally enabled service after update from F16 to F17 - solutions?
Michal Schmidt
mschmidt at redhat.com
Thu Jun 14 15:16:49 UTC 2012
On 06/14/2012 04:19 PM, Stanislav Ochotnicky wrote:
> Quoting Michal Schmidt (2012-06-14 15:10:56)
>> Is a running jetty really _that_ dangerous? Why do we ship it at all
>> then? ;-)
>
> Why do we ship Apache, tomcat and tens (hundrets?) of other useful
> packages? Jetty unlike most packages _is_ remotely accessible so the
> attack surface is rather large.
>
> If you wrote that in a jest, then sorry but I don't take my mistake that
> could compromise security of Fedora's users that lightly.
I thought the winking smiley gave it away.
But there is a basis for my jesting comment: It's great that you take
security seriously, but I believe you're over-estimating the danger of
the running service.
Fedora has a firewall enabled by default. And I trust that the service
receives any applicable security updates. The users' systems are not
compromised.
Michal
More information about the devel
mailing list