On Wed, Sep 24, 2003 at 09:01:26PM -0400, Michael Stone wrote: > Until installing a package has the side effect of installing a network > service. Having a default-deny-incoming firewall or some such would go a > long way toward preventing accidental vulnerability exposure.
Well, remember that the scope of this discussion is the default Debian installation. I agree that there may be issues elsewhere, and that services (particularly complex ones like Squid, Apache, DBMS packages, etc) need to be configured before they can be usefully and securely run. I think that the default installation, which will be seen by all users, really should see an improvement. I'll put some effort into getting it done, but I'm not entirely clear on the process. Should the matter be brought up on -policy? noah
pgp00000.pgp
Description: PGP signature
