1 |
On Thu, Dec 4, 2014 at 12:37 PM, Christopher Head <chead@×××××.ca> wrote: |
2 |
> |
3 |
> What if now, by some accident, iptables ends up in a loop (maybe not even a loop including $insecure_service, but some other loop entirely), and it’s the randomly chosen victim? Is it still good to boot as many services as possible? I think not. |
4 |
|
5 |
My understanding of the algorithm is that it explicitly does not break |
6 |
on "need" boundaries and cycle breaking doesn't affect the rest of the |
7 |
graph. So in that scenario, if iptables isn't started, your |
8 |
hypothetical insecure service won't be started either. It's rather |
9 |
conservative and sane, IMO. |
10 |
|
11 |
-Wyatt |