service accepting commands from the network by default

Zbigniew Jędrzejewski-Szmek zbyszek at
Sun Feb 22 14:04:18 UTC 2015

Are Fedora packages allowed to have a default configuration in which
the service accepts commands from the network in the default

The daemon is not enabled by default, so the administrator has to do a
systemctl enable/start first.  This means that just installing the
package does not create a problem, and an explicit admin action is
necessary for the daemon to start listening. Nevertheless, I'm still
worried that people will start the service to try it out without
reading the fine print and will be vulnerable to attack. I would think
that the Packaging Guidelines cover this, but I don't think they do.


More information about the devel mailing list