1 |
On 10/30/2010 05:09 AM, Markos Chandras wrote: |
2 |
> On Sat, Oct 30, 2010 at 10:05:17AM +0400, Peter Volkov wrote: |
3 |
>> В Птн, 29/10/2010 в 09:11 -0700, Alec Warner пишет: |
4 |
>>> On Fri, Oct 29, 2010 at 5:21 AM, Markos Chandras <hwoarang@g.o> wrote: |
5 |
>>> Can I install a machine with the server profile and USE=-ldap, but |
6 |
>>> still get ldap + pam working? |
7 |
>>> Can I install a machine with the server profile and USE=-apache, but |
8 |
>>> still get apache + php working? apache + rails? |
9 |
>>> How many packages support each USE flag? |
10 |
>>> How many of those packages have IUSE defaults for +ldap or +apache already? |
11 |
>> |
12 |
>> Having lxc/openvz/vserver technologies at hand it's not rare to split |
13 |
>> LAMP server into a number of virtual servers (containers): mysql / |
14 |
>> backend with php / frontend / smtp - everything sits in its own |
15 |
>> container. And USE=apache will be used only in _one_ container. Also not |
16 |
>> all servers are web servers. So IMO server profile should be just |
17 |
>> minimal profile that hints users that this profile will stay minimal and |
18 |
>> usable for all kinds of servers. That said I think server profile is |
19 |
>> useless and for servers I maintain my own profiles. |
20 |
>> |
21 |
>> -- |
22 |
>> Peter. |
23 |
>> |
24 |
>> |
25 |
> Exactly! How about the warning message. Should the statement about |
26 |
> gcc+glibc be removed and keep the one about hardened but make it a bit |
27 |
> different?Like "This profile is making use of a minimal set of use flag. |
28 |
> You may find it useful in a server environment. However, If you are seeking |
29 |
> for extra security, please check the Hardened project |
30 |
> (http://hardened.gentoo.org)." |
31 |
> |
32 |
|
33 |
What exactly is the intended use of the server flag? |
34 |
|
35 |
When I want a minimal image, I usually just use the default profile. |
36 |
That is pretty-much a bare-bones gentoo install. I can see the use of |
37 |
desktop, and I can see the use of hardened. Right now server just looks |
38 |
like default with random stuff for various kinds of servers added. |
39 |
|
40 |
I could see if server had a different set of keywords and QA policy |
41 |
(like debian stable), or if there were a set of use flags that would be |
42 |
universally useful on a server and not on a desktop. |
43 |
|
44 |
Right now it just seems like the server profile exists since lots of |
45 |
other distros have server editions, so we should too. If that is the |
46 |
case, why not just point users to the default profile, or hardened?' |
47 |
|
48 |
I'd be curious what the users of the server profile say. If anything |
49 |
they are the ones we should be listening to since they've found a use |
50 |
for it. |
51 |
|
52 |
Rich |