On Mon, Aug 01, 2011 at 12:14:31PM +0200, Marco d'Itri wrote: > > > > I would be glad if all services (at least network-enabled or especially > > > > insecure for other reasons) didn't start by default. > > > Maybe everyone would be happy if there were a central place to set > > > the administrator's preferred policy. > > Making the "do not start by default" policy default for the distro should > > improve out-of-box security. > When I install a package I want to actually use it. > A better security policy is to not install by default useless packages. If a package with the default config listens on external ifaces or does other potentially insecure things (or maybe changes the system state in some other undesirable way), the administrator may want to change its config before the first start.
-- WBR, wRAR
signature.asc
Description: Digital signature
