tfpd-server is part of the "network server" comp, and when installed, it is started automatically via xinetd. Especially considering that this comp gets included in "web server" and "ftp server" and "DNS name server", all of which increase the likelyhood of a machine being attacked or DoS'ed greatly. Having stuff like tfpd running is not a good thing for this type of machine.
Feature: installing the package enables the service. Don't install if you don't want. the service enabled.
*** Bug 16561 has been marked as a duplicate of this bug. ***
*** Bug 16560 has been marked as a duplicate of this bug. ***
*** Bug 16559 has been marked as a duplicate of this bug. ***
*** Bug 16558 has been marked as a duplicate of this bug. ***
The comp "Network Server" should then be removed from any standard comp. Starting most of the services in the "Network Server" comp by default is a mistake in almost all cases. I can't think of many cases where someone needs tftp or fingerd running where they wouldnt be able to figure out how to start it manually. With the current comps file, all of these useless services get installed and started with a default config with almost any network related comp. This is going to cause problems. I can count the number of people running a "Web Server" who automatically wont tftpd and talkd running on 0 hands. This is a bad idea. I dont think the standard user, or the power user or admin, is going to expect the "Web Server" installation option to startup a finger server or a talk server. This is extremely unexpected behaviour. Suggestion: move finger, talk, tftp,rwall, rusers,telnet, and ypserver to a "Misc Network Services" comp and _DO NOT_ include them in any of the Web/NFS/SMB/DNS/yp/News/etc server comps.