[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: Disable IPv6 by default.



Well i somehow manage to privately reply to David C.
and thus our discussion went of topic and privately to each other..

Hence I'm throwing what went between us, back to the list
to tear at, laugh at cry at, or to write on the marble tablets...

My bad, my apologies...

I guess I owe someone a beer :)

Best regard
Johann B.
--

Johann B. Gudmundsson. RHCE,CCSA
Unix System Engineer.
IT Management.
Reiknistofnun University of Iceland.
Taeknigardi, Dunhaga 5.			Email:		johannbg hi is
IS-107 Reykjavik.			Phone:		+354-525-4267
Iceland. Fax: +354-552-8801
--- Begin Message ---
On Thu, 13 Sep 2007 17:05:46 +0000
"Jóhann B. Guðmundsson" <johannbg hi is> wrote:

> David Cantrell wrote:
> > On Thu, 13 Sep 2007 16:02:23 +0000
> > "Jóhann B. Guðmundsson" <johannbg hi is> wrote:
> >
> >   
> >> David Cantrell wrote:
> >>     
> >>> On Thu, 13 Sep 2007 15:21:22 +0000
> >>> "Jóhann B. Guðmundsson" <johannbg hi is> wrote:
> >>>
> >>>   
> >>>       
> >>>> David Cantrell wrote:
> >>>>     
> >>>>         
> >>>>> On Thu, 13 Sep 2007 14:39:33 +0000
> >>>>> "Jóhann B. Guðmundsson" <johannbg hi is> wrote:
> >>>>>
> >>>>>   
> >>>>>       
> >>>>>           
> >>>>>> David Cantrell wrote:
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>>>> On Thu, 13 Sep 2007 14:09:02 +0000
> >>>>>>> "Jóhann B. Guðmundsson" <johannbg hi is> wrote:
> >>>>>>>
> >>>>>>>   
> >>>>>>>       
> >>>>>>>           
> >>>>>>>               
> >>>>>>>> I don't know the strategy behind this  decision  from the beginning?
> >>>>>>>> ( maybe publicity  stunt  or to show the world we could  )
> >>>>>>>> Yeah, weee, the crowd goes wild *applause applause*
> >>>>>>>>     
> >>>>>>>>         
> >>>>>>>>             
> >>>>>>>>                 
> >>>>>>> Not really intended as a publicity stunt.  It's a real pain working on IPv6 because very few people actually use it in Fedoraland right now.  Most people just complain about it because it's new and different.
> >>>>>>>
> >>>>>>> While most users won't switch over to it until absolutely necessary and most companies don't want to change over to it for the sake of changing, the United States Department of Defense is asking for software and hardware to support IPv6 now.
> >>>>>>>
> >>>>>>> If you want to disable it, you can blacklist the ipv6 module on your system.  Note that actually *having* the module loaded on your system doesn't mean you're using it.  And we really shouldn't be requiring users to enable or disable it to make things work.  IPv6 support should be loaded and the system should work fine even if you are only using IPv4.  And it doesn't now, so other than wanting to remove some lines from ifconfig(8) output or remove some boot up scripts, why do you want it disabled by default?
> >>>>>>>
> >>>>>>>   
> >>>>>>>       
> >>>>>>>           
> >>>>>>>               
> >>>>>> If I choose not to use IPv6 during install ( Anaconda )
> >>>>>> or have not setup up IPv6 and I do upgrade, then ipv6 services and ipv6 
> >>>>>> config changes should be left out.
> >>>>>>     
> >>>>>>         
> >>>>>>             
> >>>>> You've explained what you want, but not why.
> >>>>>
> >>>>>   
> >>>>>       
> >>>>>           
> >>>> In this case it's IPv6, when user chooses to disable something
> >>>> things that rely ( or were enabled in the process of enable of that 
> >>>> thing ) on that should be turned of as well.
> >>>>     
> >>>>         
> >>> This is reverse logic.  If a user wants a service that requires IPv6 but also asks for IPv6 to be disabled, the positive choice should be taken over the negative.  So the system should enable the service and ignore the IPv6 disable request because the service they wanted requires it.
> >>>
> >>>   
> >>>       
> >> Where are we gonna draw the line...
> >>
> >> When we end up like M$ Windoze where the OS does take the "all the 
> >> smart" decisions for the user and then question everything else he does...
> >>     
> >
> > But look at it from the other side.  If a user gives the following instructions to the installer:
> >
> > 	- Disable IPv6
> > 	- Enable service A because I want that
> >
> > But service A requires IPv6 in order to function.  Don't you think the logical choice it should make is enable IPv6 because the user asked for the service?  If we disabled the service (i.e., take the negative path) because they also said disable IPv6, the user will get confused and will usually (but not always) file a bug saying the service failed to start.  Well, it failed because you said to disable IPv6.  User comes back and says, "hmmm, that's a bit confusing, but ok."
> >
> > I've seen this before.
> >
> > It's not that Fedora is trying to make all the smart decisions for the user, it's more that Fedora only wants to expose decisions that actually matter in the long run.
> >
> >   
>  From my point of view an informative message to the user saying in this 
> case " Service A could not be started because it relies on IPv6 and IPv6 
> is currently  disabled! To use this service ( service A ) please enabled 
> it in system-config-network and then restart the service ( Service A )"

Then this is an RFE and should be filed as such in Bugzilla.

> >>> But everything in Fedora should work fine with IPv6 enabled or disabled.
> >>>
> >>>   
> >>>       
> >> It does... At least I haven't run in any problem with IPv6 not running
> >>     
> >
> > Which is good.  Obviously, IPv6-only things would have problems (dhcp6s, for example).
> >
> >   
> >>>> So if I turn off in this case IPv6 support ( during install/Anaconda ) 
> >>>> why are services listening to IPv6 why is iptables IPv6 turned on etc...
> >>>>     
> >>>>         
> >>> Because the choice in Anaconda is only to set up the environment during installation, not carry over to the target system.  I used to do that in Anaconda (I would write NETWORKING_IPV6=no if the user disabled IPv6), but the initscripts package no longer honor that.  The policy in Fedora now is that IPv4 and IPv6 stacks are always present, but not necessarily configured.
> >>>
> >>> If you are not configuring IPv6, then nothing is listening on IPv6.  If you disagree, provide examples.
> >>>
> >>>   
> >>>       
> >> Do a fresh installation turn IPv6 during install, check if iptables-ipv6 
> >> is not running and service arent listening to IPv6 addresses.
> >>     
> >
> > I do hundreds of installations each week (I work on anaconda).  The ip6tables service is enabled by default, yes.  But that's a decision made by the package maintainer.
> >
> >   
> I thought others ( other than the package maintainer/s ) decided what 
> was running during startup.. but ok then I guess why hplip is enabled by 
> default because that package maintainer decide
> that everybody owned an hp printer so it should be enabled by default 
> :)  ( not meaning to offend none )

There are several groups at work here:
1) The package maintainer determines if a service should or should not be enabled by default IFF the package is installed.  That is, if a user installs a package that contains a service and init script, should the package installation process enable that service?  It depends and is really up to how the service is generally used or expected to work.  For example, if a user installs the openssh-server package, chances are pretty high that he or she will want the sshd service enabled.  So the package installation process does that in the postinstall.

2) The default package selections are the responsibility of the comps.xml owner, and that's where the committee comes in to play.  Should hplip be in the default installation selection?  That's defined in comps.xml.

3) Packaging policies and init script policies are the output of the Fedora community and FESCO, all of this is documented on the wiki (sometimes the documentation is lacking, but that's what wikis get us).

> You really knocked me of my horse there..
> 
> I honestly thought there was an committee  that  decided  this whole 
> startup process ( what's should and shouldn't be started)...

See above.

> > How are you looking to see if services are listening to IPv6 addresses?  On my system, I have eth0 configured for 192.168.4.21 and then fe80::211:25ff:fe12:9da0/64.  I also have loopback configured for 127.0.0.1 and ::1/128.
> >
> > The only IPv6 addresses on my system are link-local, nothing external.
> >
> >   
> Be it as it may at my opinion it should be listen to IPv6 local or 
> external if it's not enabled..

The default behavior of pretty much all networking services is to bind to all available interfaces unless told otherwise.  There are exceptions, of course.  There are always exceptions.

> >>>> Why is the system wasting time and resources in something I know I wont 
> >>>> be using and have turned it off ( or atleast belive I did )
> >>>>
> >>>> We can also created an resource waster script and let that be running in 
> >>>> the background and when you kill it, it echos turned off to the promt
> >>>> then respawns...
> >>>>     
> >>>>         
> >>> You're over reacting and being a bit hostile for no good reason.  If you want to talk about this concern, that's fine, but don't be hostile.
> >>>
> >>>   
> >>>       
> >> Being sarcastic, sorry if that offended someone..
> >>
> >> If we want to reduce boot time and resource and power
> >> We need to look into what services, we can turn off ( boot time related 
> >> ). IPv6 one I think can be turned off.
> >> When things are turned off then we need to make sure apps are constantly 
> >> checking if they are on and off and should process or not process 
> >> instruction related to
> >> the thing that is turned of ( cpu/ram/power ) related.
> >>     
> >
> > Reducing boot time, resources, and power are good goals, but disabling IPv6 isn't something I agree with.  The only way we can ensure Fedora will work correctly with IPv6 is to have it enabled _now_.  It's the sort of feature that annoys people now, but when they want it, they will want it to work perfectly right away.  There are those of us now who spend many hours working to get IPv6 support added to Fedora and when people want it in X number of years, maybe our work will be important then.
> >
> > If you really want to speed up booting, disable cups.  It stats thousands of files when the service starts up.
> >
> >   
> A lot of the service disable enable thing during boot up has been 
> discussed on an previous thread I started  "My 2 cents on the whole 
> Fedora to succeed as global...."

Yeah, that thread was a bit too long to draw me in.

> Another thread I started made an acceptable ( for all opinions I think ) 
> conclusion   "Services automaticly change firewall rules to open access 
> to them selfs."
> 
> But if this is as I think a boat without someone steering it we need to 
> have a yet another committee that works on implementing the voice of the 
> community.
> Other wise the whole discussion will be for, well nothing..

See above.  Sorry if I was confusing.

> Is there any reason we are not having this discussion on the list,
> if not I would gladly want you to forward this  whole discussion to the list
> since I am an firm believer of the community and it's discussion  and like
> everybody opinion to every reply be heard process and possible answered..
> For better or worse.
> 
> There's nothing wrong with healthy ( if they become )heated discussions,
> as longt as hey're kept on professional level...

Because you originally replied to me privately when I replied to your post on the list.  I took that as you wanting to keep the discussion private.  Send it back to the list, I'd prefer it there.

-- 
David Cantrell <dcantrell redhat com>
Red Hat / Westford, MA

Attachment: pgpeNYFcDeef8.pgp
Description: PGP signature


--- End Message ---

[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]