= phenomenon =
Recent changes to the packaging guidelines are unclear as to intent about whether services that listen on local/unix-domain network sockets only are now welcome to be default-on vs. previously default-off.
Note that this issue is separate from the default-off policy for traditional network servers, which are left to the spin/edition working groups' discretion to permit.
= background analysis =
= implementation recommendation =
Decision sought about whether previous security concerns (such as prevention of local privilege escalation) are now acceptable, traded against the extra out-of-the-box functionality possible with more services. Some possible outcomes:
1) Roll back the policy wording to "does not listen on a network socket" (as being a condition for default-on). Note that this older wording is also unclear, as e.g. unix-domain sockets may or may not be deemed "network sockets".
2) Adopt the more expansive/welcoming definition, designating the external network as the main source of threat and the localhost as only an acceptable lesser one.
Do we need a new ticket here?
sgallagh reopened ticket 1441 to discuss this...
agreed Rephrase this line as "If a service does not require configuration to be functional and does not listen on a network socket for connections originating on a separate physical or virtual machine" (+5,-1,1)
(Sorry for missing the IRC meeting, but this trac item wasn't 'meeting'-keyworded, so I wasn't expecting the topic to come up yet.)
to comment on this ticket.