sshd by default -> no [Was: Runlevel Configuration in g-s-t]

Sun Sep 19 10:59:42 UTC 2004

Daniel Stone wrote:

>On Sun, Sep 19, 2004 at 09:09:17AM +0000, John wrote:
>  
>
>>Jeff Waugh wrote:
>>    
>>
>>><quote who="John">
>>>      
>>>
>>>>It may not be necessary _for you_, but your judging my requirements is
>>>>silly.
>>>>        
>>>>
>>>We're not basing these decisions on our own preferences, we're basing them
>>>on the greatest common factor of user needs. sshd simply isn't required by
>>>most classes of users in a default desktop system. We make it very easy to
>>>install. Thus, we easily satisfy two classes, while keeping our default
>>>configuration simple and sane. We, as technical users, may prefer to have
>>>sshd on every machine, but that is not the case for most desktop users.
>>>      
>>>
>>How do you see maintenance being done in a corporate environment?
>>    
>>
>
>sudo apt-get install openssh-server
>
>A corporate environment would require some customisation and tweaking,
>anyway -- this would just be one of the tweaks.
>
>  
>
>>>Installing sshd is as simple as 'sudo apt-get install openssh-server' once
>>>you've installed the system. It would be the same number of commands (one)
>>>to enable it even if it were installed already (because we would not enable
>>>it by default, as per no-listening policy). Plus, it'll be even easier to
>>>install in HoaryHedgehog.
>>>      
>>>
>>In an Anaconda-using distro I simply list the package in the appropriate 
>>section, maybe a script in the post-install section and it's done.
>>
>>Don't need to insert CD, or type more commands or anything.  At present, 
>>there is no simple automatic way to adjust the package selection in Ubuntu.
>>    
>>
>
>sudo apt-get install openssh-serer
>  
>
That's neither simple nor automatic. Nor correct:-)

If I use Anaconda to install, I can easily make any software selection 
my standard.

>>Rob annoyed me because he contradicted a point I made. I justfied my 
>>preference with a concrete example,  He simply poopooed the idea.
>>
>>If you have surveys of your market that is going to actually pay you 
>>money that reveal remote maintenance is unimportant, that's fine. Ship 
>>that way. It's not my feeling, but I have not done surveys.
>>    
>>
>
>sudo apt-get install openssh-server
>
>A corporate environment would require some customisation and tweaking,
>anyway -- this would just be one of the tweaks.
>  
>

For thousands of machines? You're off your head. Per-machine manual 
changes might be the Windows way, but it's not what I would expect of a 
Unix or Linux system.

Here's my non-standard package selection for Taroon, a Red Hat beta:
%packages
vim-enhanced
procinfo
pine
lsof
lynx
strace
mailman
imap

I actually loaded it off a webserver, but it could have been on a CD, 
floppy, in the initrd.

Customisation after the install is similar to that done after installing 
a deb, a perl or shell script.

My disagreement with the vendor's package selection was not an issue 
because it was so easily changed.