| 1 |
On Wed, 2003-10-29 at 21:29, Spider wrote: |
| 2 |
> > I wonder if it would be possible to somehow remotely "mount" the rest |
| 3 |
> > of |
| 4 |
> > the stuff such as gcc/python etc.. as with portage. So this way the |
| 5 |
> > system would be completely clean and when it needs to be updated a |
| 6 |
> > script would mount/link the tools from a remote system and after its |
| 7 |
> > done upgrading it would unlink and we are left with a lean clean |
| 8 |
> > system. |
| 9 |
> |
| 10 |
> http://ovlfs.sf.net/ (if I recall correctly) might be the thing here. |
| 11 |
|
| 12 |
What an idea! Never thought of such a thing. Definitly worth a look. |
| 13 |
|
| 14 |
> Another alternative is to use a staging machine to build binaries, then |
| 15 |
> simply untar the .tbz2 files, instead of using portage to do it. (evil |
| 16 |
> solution actually ;) |
| 17 |
|
| 18 |
> After that, some manual pruning should get the things in order. |
| 19 |
|
| 20 |
Yeah really evil. I guess this is what some people do. But I would |
| 21 |
prefer to have portage do the stuff instead of getting worries that I |
| 22 |
might have forgotten to fix a file or something.. |
| 23 |
|
| 24 |
> Though, for a server you don't gain anything in security by removing |
| 25 |
> compilers and development tools. perhaps in complexity and size, though. |
| 26 |
|
| 27 |
Well. Regarding security that is a bit relative. You do gain in the |
| 28 |
sense that the cracker has one less tool/option at hand and hence you |
| 29 |
gain a little bit more of the higher ground against the attacker. The |
| 30 |
less options/possibilites the cracker has the harder (even if its only a |
| 31 |
little bit) it gets to penetrate (although not impossible of course). |
| 32 |
|
| 33 |
Also as you state it is nice to have a simple clean lean system with a |
| 34 |
small footprint. |
| 35 |
|
| 36 |
I really don't know how valid my assumptions are, but I am willing to |
| 37 |
give it a shot to see what comes out of a de-Gentooizable Gentoo ;) |
| 38 |
|
| 39 |
Cheers, |
| 40 |
|
| 41 |
Vano |
| 42 |
|
| 43 |
|
| 44 |
-- |
| 45 |
gentoo-dev@g.o mailing list |
Archives