* Troy James Sobotka <[email protected]> [2009-01-21 03:54:37 CET]: > And while we wait or fail to address this, countless other installations > will happen.
Installations that want the server and get it in a way ready to use. > I'd be pretty certain that at least one person that has read this > report is capable of raising and forcing the issue to either be > resolved or dismissed. $> sudo dpkg-divert --local --rename /sbin/start-stop-daemon $> sudo ln -s /bin/true /sbin/start-stop-daemon Of course this is a crude hack, but it will make no servers be started for you. Technically the symlinking of /bin/true should rather be replaced by either a wrapper script that gives some warning, maybe even asks if the server should be started when a tty is available, or do something else. > Debian's policy is absolutely absurd on servers. How much vision does > it take to realize that this is a fundamental security problem? I think you are fundamentally overreacting here. When someone wants a server installed it can be safely assumed that they want to have it running. Given that the package maintainers are expected to ship sensible defaults for those servers it rather sounds hypocritical to call it a fundamental security problem. Where the defaults aren't sensible this has to be addressed with the package maintainer at hand. There are e.g. some server packages around that don't start because they can't sensibly offer sane default values to start out with. > Remember the Debian security debacle from a few months ago? Remember > the black eye? How would more feel? Say hello to Ubuntu XP edition... Can we please come back to compare things that are at least remotely on the same level or connected in any way? Thanks. > Passive security is no security. Noone forces people to install server packages. And even then I would really love to have it addressed in the big picture and *not* have wesnoth and tremulous singled out. Fighting the same thing for every single package won't get us anywhere. So long. :) Rhonda -- Installing a server for a game automatically auto-inits and runs every boot. https://bugs.launchpad.net/bugs/109434 You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
