tech-userlevel archive

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]

New callhome(8) page; comments?


I've written a manual page whose purpose is to collect, in a single
place, the full list of system components that perform any network
access.  (I first saw this same thing in Windows' EULA and I thought
it was a nice way thing to document.)  I plan to reference this page
from sysinst as soon as I have the time to implement a question on
whether to enable or disable such services.

Unimaginatively, I've named the page callhome(8).  Any suggestions for
a better name?

The current contents, preformatted:

CALLHOME(8)             NetBSD System Manager's Manual             CALLHOME(8)

     callhome -- system components that require access to external servers

     NetBSD includes features that require access to public servers on the
     Internet to download up-to-date data.

     Following NetBSD's policy of not performing any network activity after a
     fresh installation, all these services are disabled by default.  The fol-
     lowing subsections provide a description of what these services are and
     pointers on how to enable/disable them.

   Package vulnerabilities database
     The security team in charge of the packages system collects a list of
     vulnerabilities that affect the packages provided by pkgsrc.  This vul-
     nerabilities database is constantly updated by the security team.  The
     packages system can take advantage of the database to detect if any of
     the installed packages is vulnerable.

     The daily system maintenance scripts can refresh this database so that
     the local copy is up to date and thus usable by the security checks.  To
     do so, set `fetch_pkg_vulnerabilities=YES' in daily.conf(5).

     The above setting only controls whether the database is refreshed or not.
     The actual vulnerable packages check is run by the daily security checks
     script and is controlled from security.conf(5).  However, this is already
     enabled by default because it does not require any network access.


     This document first appeared in NetBSD 6.0.

NetBSD 5.0                     January 24, 2010                     NetBSD 5.0

Julio Merino

Home | Main Index | Thread Index | Old Index