On 2012-06-03 08:21:34 +0200, Bernhard R. Link wrote:
> Try to see it from the other side: I don't understand why you would a
> like a service not started by default. The daemon is there to be run,
> so running it is the most sensible approach in almost all cases[1].
Well, a mail server daemon mus
Le 04/06/2012 16:58, Aaron Toponce a écrit :
> On Sun, Jun 03, 2012 at 02:46:21PM +0800, Chow Loong Jin wrote:
>> Is there even a point in having DHCP listening on localhost?
>
> So, why even bother starting it? Thus, the whole point of this thread.
Because a dhcp daemon listening only on localh
On Sun, Jun 03, 2012 at 02:46:21PM +0800, Chow Loong Jin wrote:
> Is there even a point in having DHCP listening on localhost?
So, why even bother starting it? Thus, the whole point of this thread.
--
. o . o . o . . o o . . . o .
. . o . o o o . o . o o . . o
o o o . o . . o
Hi Bernhard,
On Sun, Jun 03, 2012 at 01:51:33PM +0200, Bernhard R. Link wrote:
> * Toni Mueller [120603 11:41]:
> > Since we obviously can't agree on *how* the service is to be run, one
> > could just ask the user, eg., in the case of a printing service:
> The print servers I looked at did not a
Aaron Toponce writes:
> By default in Debian, when a service package is installed, such as
> openssh-server, or isc-dhcp-server, it starts the service. This seems
> counter-intuitive to me.
As you mentioned, this is a really old issue. I've documented my
personal solution at
http://bugs.debian.o
* Toni Mueller [120603 11:41]:
> Since we obviously can't agree on *how* the service is to be run, one
> could just ask the user, eg., in the case of a printing service:
>
> "I just installed the file sharing service. Do you want to start
> sharing immediately (will allow other people to acces
On Sat, Jun 02, 2012 at 08:21:02AM -0600, Aaron Toponce wrote:
> Enabling services on external interfaces by default is indeed a bug, IMO,
> especially things like SSH, DHCP, SMTP or Bind (which has a long history of
> security problems).
SSH is imho the one exeption to the rule, provided it h
On Sun, Jun 03, 2012 at 08:21:34AM +0200, Bernhard R. Link wrote:
> * Aaron Toponce [120602 16:26]:
> > However, I am calling into question the validity of starting a service by
> > default post-install. I think it introduces security concerns, possible
> > headaces on the local LAN, and just un
On Sunday 03 June 2012 08:46:21 Chow Loong Jin wrote:
Hi,
> On 03/06/2012 11:23, Aaron Toponce wrote:
> > On Sat, Jun 02, 2012 at 10:43:00PM +0200, Tollef Fog Heen wrote:
> >> Are you seriously suggesting that DHCP and SSH servers should not listen
> >> on external interfaces by default? The use
On 03/06/2012 11:23, Aaron Toponce wrote:
> On Sat, Jun 02, 2012 at 10:43:00PM +0200, Tollef Fog Heen wrote:
>> Are you seriously suggesting that DHCP and SSH servers should not listen
>> on external interfaces by default? The use case for SSH or DHCPd on
>> localhost only is pretty small.
>
> I
* Aaron Toponce [120602 16:26]:
> However, I am calling into question the validity of starting a service by
> default post-install. I think it introduces security concerns, possible
> headaces on the local LAN, and just unnessary work for the administrator.
> Other than "if you don't want a servic
On Sat, Jun 02, 2012 at 10:43:00PM +0200, Tollef Fog Heen wrote:
> Are you seriously suggesting that DHCP and SSH servers should not listen
> on external interfaces by default? The use case for SSH or DHCPd on
> localhost only is pretty small.
I would much rather have DHCP listening on localhost,
]] Aaron Toponce
> Enabling services on external interfaces by default is indeed a bug, IMO,
> especially things like SSH, DHCP, SMTP or Bind (which has a long history of
> security problems).
Are you seriously suggesting that DHCP and SSH servers should not listen
on external interfaces by defa
On 2012-06-02 08:25:40 -0600 (-0600), Aaron Toponce wrote:
[...]
> I don't understand why services _should_ be started by default
> post-install.
[...]
There are many desktop-oriented home networking applications (file
and printer sharing, media distribution, et cetera) which really do
need to be
On Sat, Jun 02, 2012 at 04:02:57PM +0300, Serge wrote:
> I'm not experienced in this topic much yet, that's why I'm writing not in
> list, but directly. Feel free to reply into list, if you wish.
I would prefer to keep it on the list for a public archive, and to benefit
the greater admin populatio
On Fri, Jun 01, 2012 at 08:23:20PM +0200, Jonas Smedegaard wrote:
> Debian goal is - as you probably know already - for packages to work out
> of the box. For daemons this means they are started by default.
>
> If a package (service or not) is insecure by default, it is a bug!
> Severity of suc
On Fri, Jun 01, 2012 at 07:49:03PM +0100, Philip Hands wrote:
> The reason that RedHat don't start things is that their default approach
> has been to install a whole load of stuff that you might possibly want,
> and allow you to enable it when you are inspired to give some new
> service a try.
>
>
On 12-06-02 at 12:52pm, Tollef Fog Heen wrote:
> ]] Jonas Smedegaard
>
> > > A problem with using policy-rc.d is you don't know whether a
> > > service is being started because it's the initial install or if
> > > it's because of an upgrade. I'll sometimes not want the service
> > > to start
Hi Phil,
On Fri, Jun 01, 2012 at 07:49:03PM +0100, Philip Hands wrote:
> The Debian approach has always been to not install anything that you
> don't intend to use.
I have brought up this topic in the past, too. Summary: I often do want
the Debian-packaged software on my systems, but use it enti
]] Jonas Smedegaard
> > A problem with using policy-rc.d is you don't know whether a service
> > is being started because it's the initial install or if it's because
> > of an upgrade. I'll sometimes not want the service to start on
> > initial installation (because chef is just about to plop
On 01.06.2012 19:22, Aaron Toponce wrote:
> By default in Debian, when a service package is installed, such as
> openssh-server, or isc-dhcp-server, it starts the service. This seems
> counter-intuitive to me. I would think that the standard mode of practice
> for installing and running a service w
Hi Tollef,
On 12-06-01 at 09:55pm, Tollef Fog Heen wrote:
> ]] Jonas Smedegaard
>
> > Hi Aaron,
> >
> > On 12-06-01 at 11:22am, Aaron Toponce wrote:
> > > Just because I have installed a service package, doesn't mean I
> > > want the service immediately running after installation. I would
> >
On Freitag, 1. Juni 2012, Aaron Toponce wrote:
> I'm trying to dig through the archives to see if this has been discussed,
#661496 and friends.
--
To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org
with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org
Archive
]] Jonas Smedegaard
> Hi Aaron,
>
> On 12-06-01 at 11:22am, Aaron Toponce wrote:
> > Just because I have installed a service package, doesn't mean I want
> > the service immediately running after installation. I would like to
> > spend the necessary time as an administrator to configure and se
Aaron Toponce writes:
> I'm trying to dig through the archives to see if this has been discussed,
> and I'm only finding random one-off discussions here and there about it.
> Nothing concrete. If it has already been discussed in great detail, my
> apologies.
It has -- repeatedly.
This is almost
Hi Aaron,
On 12-06-01 at 11:22am, Aaron Toponce wrote:
> Just because I have installed a service package, doesn't mean I want
> the service immediately running after installation. I would like to
> spend the necessary time as an administrator to configure and secure
> the service to my liking,
26 matches
Mail list logo
