I have some installed packages but don't start them during bootup. I disabled them with chkconfig. Unfortunately they are reactivated after an update, even if its a security update. If you don't care, you have listening ports you even don't know about. (drakxtools_http is another config thing which listens to TCP/IP)
I consider this a high security risk. In my opinion installation and activation should be _strictly_ seperated. Standard should be _off_ with an easy turn on option in drakconf and during installation.(which exists. but after an simple security update the disabled tools are activated) The same is valid for Xfree. Debian has the -nolisten tcp option as standard, which is for a desktop usage the best solution. After all, a desktop system should have 0 listen ports. Are there other opinions and arguments, to convince me of the opposite. regards Christian
