include much needed antivirus products in FC2
Nicolas Mailhot
Nicolas.Mailhot at laPoste.net
Thu Jan 8 23:44:39 UTC 2004
Le mer 07/01/2004 à 01:00, Michael Schwendt a écrit :
> On Wed, 07 Jan 2004 00:35:46 +0100, Thomas M Steenholdt wrote:
> > Name a core package that requires this amount of fiddling around before
> > it will work, and I will comment on it if I have ever used it... I can't
> > think on any!
>
> dhcpd, samba, ldap, mrtg, cvs, rsync, this-is-silly. There are many other
> services which don't come preconfigured to a level you would just need to
> run "service foo start" to get going. Not even mentioning any services
> which require GUI tools to configure them.
Don't get me wrong - I care zip about AV, never evaluated the different
packages available, etc. I do care about the "RedHat touch", which is
things should just work by default. Even atrocious packages like samba
come with a sane default config that will do something if the samba
service is started as-is.
And yes it's useless in normal life (production) because some apps want
to be customized before being really useful but it's a lifesaver for
people acquainting themselves with a new app (ie test setups). Hell,
even ntpd comes configured out of the box to sync with the internal
clock (not terribly useful since that's the one clock source that would
be used without ntp) but I've always found this kind of neutral setups
as crucial as howtos and other readmes.
It's not the case for everything - but one of the examples you give
(ldap) was the subject of a few threads lately and the lack of a default
usable config was described as a big bug/problme by pretty much
everyone.
If as you write there are security problems involved - make the default
setup as insanely pedantically secure as you want to. The point is there
should be a default setup, that should do something (even something so
utterly naïve/limited as to be useless except as an example).
When you argue users should just copy the example config in some magic
place because it's dangerous out of the box that speaks volumes about
the care you've spent on it. You're eluding problems and trying to push
them onto the user - how is he supposed to write a sane config if you're
not confident on your own ability to do it ?
If such complex and potentially dangerous/exposed RedHat services as
Apache, Postfix, Samba all come with a default config that is already
installed in the right place I can't see how you can justify not doing
it for your AV app.
Regards,
--
Nicolas Mailhot
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 189 bytes
Desc: Ceci est une partie de message num?riquement sign?e.
URL: <http://listman.redhat.com/archives/fedora-devel-list/attachments/20040109/c7cde1e2/attachment.sig>
More information about the fedora-devel-list
mailing list