openssh loads sshd?

Daniel J. Luke dluke at geeklair.net
Wed Jul 21 13:40:31 PDT 2010 

On Jul 21, 2010, at 4:31 PM, Scott Webster wrote:
> That would probably work.  Another possibility is sending the user a
> message during installation (ui_msg?) that tells them what is going on
> (each maintainer would have to add a customized message to their port
> if necessary).  And/or we could have the default installs (assuming
> user performs instructed actions) leave the system in a secure state,

That's the intention of the current setup (launchd plist is installed, but not activated unless/until someone runs either launchctl or port to load it).

The generic message (run port load foo) doesn't differentiate between a plist for daemon that might allow remote access or one that doesn't. I think we've generally presumed that an end user installing ssh (or apache, or an ftp daemon) knows what they're doing when they load the plist (and isn't just blindly entering any command that is suggested).

> Anyway, there is a tradeoff between reducing work for the user (ie.
> turn on what they likely want) and surprising some people with
> unexpected situations (eg. me almost running an ssh server without
> realizing it).

Yep. Maybe we should re-word the message. It might make sense to have a different message for anything that is going to run a local server vs. anything that is going to run a remotely accessible service (although something like postgres could be either depending on the configuration). In any event, it should be clear that running 'port load' will cause something to run that could be a security concern for the end-user.

--
Daniel J. Luke                                                                   
+========================================================+                        
| *---------------- dluke at geeklair.net ----------------* |                          
| *-------------- http://www.geeklair.net -------------* |                          
+========================================================+                        
|   Opinions expressed are mine and do not necessarily   |                          
|          reflect the opinions of my employer.          |                          
+========================================================+

More information about the macports-users mailing list