On Mon, 2002-07-15 at 15:55, Christian Borntraeger wrote:
> I have some installed packages but don't start them during bootup. I disabled
> them with chkconfig.
> Unfortunately they are reactivated after an update, even if it's a security
> update. If you don't care, you have listening ports you don't even know
> about. (drakxtools_http is another config thing which listens to TCP/IP)
>
> I consider this a high security risk.
> In my opinion installation and activation should be _strictly_ separated.
> Standard should be _off_ with an easy turn on option in drakconf and during
> installation (which exists, but after a simple security update the disabled
> tools are activated).
>
> The same is valid for Xfree. Debian has the -nolisten tcp option as standard,
> which is for a desktop usage the best solution. After all, a desktop system
> should have 0 listen ports.
>
> Are there other opinions and arguments, to convince me of the opposite.

Any comparison to Debian on the desktop is screwed to begin with. They have even less of a clue about desktop issues than does RedHat. One of the things that just infuriates me about Debian is the complete lack of desktop "thought", and the -nolisten tcp is one of those things. Turning off X forwarding in ssh by default is another.

-- Brad Felmey
