Hello, On Nov 12 18:34 Yamaban wrote (excerpt):
it is remarkable that neither the 'big' databases (postgres/mysql) nor any of the httpd / imapd / popd / sshd have any of this 'special' handling in the spec file.
This is because normal users do not need that "big" stuff. And admins who install it are expected to know what to do. (sshd is perhaps an exception because normal users may need it but sshd is explicitly handled by YaST during installation.)
Personally, I vote for 'no enabling' for any daemon that can not be used in a secure way out of the box without user input for the configuration.
Personally I agree. But it does not work for normal (i.e. unexperieced) users who expect that after installing a software package that provides a service, that service of course "just works" out of the box (of course with basically all its fatures). As far as I understand Stanislav Brabec, this is what he likes to get solved, see his initial mail: --------------------------------------------------------------- for packages that are optional to install, but it they are installed and not active, they are broken. --------------------------------------------------------------- In short: How to package correctly a package that provides a service where the user experience would be "just broken crap" if the service would not be active after package install?
As it is, it is hair-rising in terms of security.
What do you expect when the decision under what circumstances what service should be enabled/disabled/started/stopped in what way is not implemented and maintained by a team who know what they do but is basically left to each individual package maintainer so that each individual package maintainer implements and maintains on his own what he honestly assumes is best. See also https://bugzilla.opensuse.org/show_bug.cgi?id=857372#c19 Kind Regards Johannes Meixner -- SUSE LINUX GmbH -- Maxfeldstrasse 5 -- 90409 Nuernberg -- Germany HRB 21284 (AG Nuernberg) GF: Jeff Hawn, Jennifer Guild, Felix Imendoerffer -- To unsubscribe, e-mail: opensuse-packaging+unsubscribe@opensuse.org To contact the owner, e-mail: opensuse-packaging+owner@opensuse.org