[Guidelines change] Changes to the packaging guidelines

Frank Ch. Eigler fche at redhat.com
Fri May 22 14:26:48 UTC 2015


sgallagh wrote:

> [...]
> The definition of "public" was intentionally vague, but perhaps we
> could try to find a better way to say it. I was trying to treat it as
> "network interfaces that accept connections from arbitrary sources".

OK ...

> I'm not sure that there's a tremendously meaningful distinction to be
> made between allowing services that listen on D-BUS or a local UNIX
> socket and services that listen on the localhost TCP socket [...]

Indeed.

> I'd personally prefer to assume the best intentions of our packagers;
> specifically I'd assume that if there's a question as to the safety of
> starting something by default, either they'd bring it up voluntarily or
> someone would do so on their behalf if a problem was discovered.

This is not about trusting the code or intentions of the packagers.
This is about what threat model we are expected to protect against by
not activating e.g. all services by default.  Specifying that would
help clear up -why- the change, and that will in turn inform -how- to
change.


- FChE

