Hello, my opinion: If I install something by hand I do so because I want it's functionality. From this POV, it should be enabled. After all, if I install a package which does some "magic" I don't install and forget but take my time to review it's config files to understand how it works. If I don't want it's functionality (yet), I simply could remove or don't install in the first place. If it's installed by default on new installs, it maybe should be disabled to not do something unexpected. Since I don't do new installs but just clone a master install, my opinion isn't too relevant, maybe. It could be a simple solution to just print a message text about the status (enabled/disabled, reflecting probably existing conffile content) in postinst. I've seen other packages doing so do direct the user that he has to take further measures.
Sites with many servers and some kind of automation (ansible or something similar) IMO should test new packages in a sandbox system before rollout to many machines automatically and having interesting surprises afterwards. At least, I'd consider this real-world practice. :wq! PoC PGP-Key: DDD3 4ABF 6413 38DE - https://www.pocnet.net/poc-key.asc
