Fedora Server Spin
Rui Miguel Silva Seabra
rms at 1407.org
Fri Jan 12 15:29:08 UTC 2007
On Fri, 2007-01-12 at 09:40 -0300, Horst H. von Brand wrote:
> > Inside each of those maybe some questions like:
> > [ ] password for X
> > [ ] typical configuration { A or B or ... } for Y
> > ... (other choices, you get the gist I hope)
>
> Hum... I'd go for "Installed, but disabled by default." (or whatever is the
> fail-safe option, i.e. SELinux enabled, no root login except on the
> console, ...) + "To set up for X do Y" type documentation here. Presumably
> they know what they are doing, and their setup most probably won't fit any
> "standard". Nice side effect is that it is simpler that way ;-)
I'd prefer that too, but I used "maybe" with a particular intention: you
might predict some simple scenarios which are easy to have a generic
default config (like a simple MTA on the localhost for sending email
outside).
> > Configurations:
> > Secure by default
> > * no default passwords
> > * no service shall start automatically unless it can
> > have a secure default configuration
> > * root only by sudo, but without direct access to a
> > shell (for improved audit-ability)
> > * selinux activated
> > ... (other choices, you get the gist I hope)
>
> Just one option is simpler
These aren't supposed to be options, I meant choices as in choices of
things to configure by default.
> , and so harder to screw up upstream (this is
> critical),
Many projects have HORRIBLE configurations by default (JBoss and Tomcat
for instance). I'm not sure they're inclined to solve it upstream, and
it's a true PITA to configure such systems in a PCI:DSS (for VISA)
compliant form, for instance.
> and gives people time to look at the various pieces having the
> full documentation (and web access, etc) at hand. This is one of my gripes
> about the installation process: You have to decide on stuff without data,
> and either you decide right now or you can't go on.
I usually define it with kickstart ;)
Rui
--
+ No matter how much you do, you never do enough -- unknown
+ Whatever you do will be insignificant,
| but it is very important that you do it -- Gandhi
+ So let's do it...?
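
The "secure by default" items discussed in this message (SELinux activated, no default or empty passwords, no direct root login) can be checked mechanically after an install. The following is an added example, not part of the original message or of any Fedora tool; the function names are hypothetical and the file contents are constructed samples.

```python
import re

def selinux_enforcing(selinux_config):
    """True if the text of /etc/selinux/config sets SELINUX=enforcing."""
    m = re.search(r"^\s*SELINUX\s*=\s*(\w+)", selinux_config, re.M)
    return bool(m) and m.group(1).lower() == "enforcing"

def ssh_root_login_disabled(sshd_config):
    """True only if the first global PermitRootLogin is 'no' (Match blocks ignored)."""
    for line in sshd_config.splitlines():
        parts = line.split("#", 1)[0].split()
        if len(parts) >= 2 and parts[0].lower() == "permitrootlogin":
            return parts[1].lower() == "no"
    return False  # unset: report it rather than trust the compiled-in default

def shadow_fields(shadow):
    """Yield (user, password_field) pairs from the text of /etc/shadow."""
    for line in shadow.splitlines():
        f = line.split(":")
        if len(f) >= 2:
            yield f[0], f[1]

def audit(selinux_config, sshd_config, shadow):
    """Return a list of findings; an empty list means every check passed."""
    findings = []
    if not selinux_enforcing(selinux_config):
        findings.append("selinux: not enforcing")
    if not ssh_root_login_disabled(sshd_config):
        findings.append("sshd: root login not explicitly disabled")
    for user, pw in shadow_fields(shadow):
        if pw == "":
            findings.append("shadow: %s has an empty password" % user)
        if user == "root" and not pw.startswith(("!", "*")):
            findings.append("shadow: root password not locked (sudo-only intended)")
    return findings

# Constructed sample inputs: a weak host and a hardened one.
WEAK = ("# constructed\nSELINUX=permissive\nSELINUXTYPE=targeted\n",
        "#PermitRootLogin no\nPermitRootLogin yes\n",
        "root:$6$constructed$hash:13525:0:99999:7:::\nguest::13525:0:99999:7:::\n")
HARD = ("SELINUX=enforcing\nSELINUXTYPE=targeted\n",
        "PermitRootLogin no\n",
        "root:!!:13525:0:99999:7:::\nadmin:$6$constructed$hash:13525:0:99999:7:::\n")

if __name__ == "__main__":
    for name, host in (("weak", WEAK), ("hardened", HARD)):
        print(name, audit(*host))
```

Running such a check from a kickstart `%post` section or a first-boot job catches a regressed default before the machine is put into service.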