Subject: Re: portmap=no, nfs_{client,server}=yes
To: Curt Sampson <cjs@cynic.net>
From: David Brownlee <abs@mono.org>
List: tech-userlevel
Date: 11/19/1999 16:50:08
OK, the weight of opinion has convinced me :)

Proposal:
- If any portmap dependent service is enabled without
  portmap, syslog a big warning, and disable service.
- Add a comment in rc.conf by each portmap dependent
  service to the effect it needs portmap enabled.

David/absolute

On Fri, 19 Nov 1999, Curt Sampson wrote:
> On Fri, 19 Nov 1999, David Brownlee wrote:
>
> > I would agree with you if the default was portmap=YES, but in
> > -current the default is portmap=NO.
> >
> > The argument now is that if I set 'nfs_client=YES' it should
> > start everything needed to work as an nfs client.
> >
> > I still support having an extra 'WARNING:' in this case, but
> > I would expect it to start portmap.
>
> I really, really object to it starting portmap unless it's been
> specifically requested. It's better to have a system default to
> being secure, and have the novice spend an hour trying to figure
> out why it doesn't work, than to have it default to insecure, save
> the novice an hour, and have a compromised machine later on.
>
> I say put in the warning, add a question to the FAQ, and live with
> the queries this generates on the mailing list.
>
> cjs
> --
> Curt Sampson <cjs@cynic.net> 917 532 4208 De gustibus, aut bene aut nihil.
> The most widely ported operating system in the world: http://www.netbsd.org
>
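The proposal in the message above (warn and disable, never start portmap implicitly), sketched as an added example that is not part of the original thread and is not NetBSD's rc code. The variable names portmap, nfs_client and nfs_server come from the thread; the helper names, the dependent-service list and the sample values are assumptions.

```sh
#!/bin/sh
# Added example: fail-closed handling of portmap-dependent services.
# Assumption: rc.conf-style variables holding YES/NO, as in the thread.

# Services that need portmap (taken from the thread's subject line).
PORTMAP_DEPENDENTS="nfs_client nfs_server"

is_yes() {
    case "$1" in
        [Yy][Ee][Ss]) return 0 ;;
        *) return 1 ;;
    esac
}

# Log through syslog when logger(1) is available; always echo to stderr.
warn() {
    if command -v logger >/dev/null 2>&1; then
        logger -p daemon.warning -t rc "WARNING: $*" 2>/dev/null || true
    fi
    echo "WARNING: $*" >&2
}

# If portmap is not YES, turn off every enabled dependent and warn about it.
# portmap itself is never enabled here. DISABLED lists what was turned off.
check_portmap_deps() {
    DISABLED=""
    is_yes "${portmap:-NO}" && return 0
    for svc in $PORTMAP_DEPENDENTS; do
        eval "val=\${$svc:-NO}"
        if is_yes "$val"; then
            warn "$svc=YES requires portmap=YES; $svc disabled"
            eval "$svc=NO"
            DISABLED="${DISABLED:+$DISABLED }$svc"
        fi
    done
}

# Constructed sample configuration: NFS client requested, portmap left off.
portmap=NO
nfs_client=YES
nfs_server=NO
check_portmap_deps
echo "portmap=$portmap nfs_client=$nfs_client nfs_server=$nfs_server disabled=[$DISABLED]"
```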