| 1 |
Yuri Vasilevski posted <20050616132044.2b689bd3@×××××.lan>, excerpted |
| 2 |
below, on Thu, 16 Jun 2005 13:20:44 -0500: |
| 3 |
|
| 4 |
> So I think it may be good for some packages to be split in several |
| 5 |
> packages (but right now I can't think of any), but I think it'll be much |
| 6 |
> better introduce more granularity into many ebuils with use flags. This is |
| 7 |
> specially the case (in my opinion) of packages that can have both client |
| 8 |
> and server functionality (the best example I can think of is net-fs/samba, |
| 9 |
> which I mostly use just to mount shares form other servers). |
| 10 |
|
| 11 |
The client/server thing is a concern for me here, as well, for security |
| 12 |
reasons. If I don't have an SSH server merged, it can't inadvertently |
| 13 |
be turned on somehow. SSH is apparently a dependency for something I have |
| 14 |
merged, and currently, it includes the SSH server. That worries me, as |
| 15 |
it's a server component on a normally client system, and is thus a |
| 16 |
potential security vuln. IMO, having it there when it's not used and the |
| 17 |
human behind the machine has no intention of running it, is just /asking/ |
| 18 |
for security issues. It shouldn't be there in the first place. |
| 19 |
Unfortunately, there's no USE flag to turn it off. |
| 20 |
|
| 21 |
Similarly with a couple of the DHCP packages I was looking at a few weeks |
| 22 |
ago. I normally run static IPs on a LAN behind a NAPT based router, |
| 23 |
giving me a /bit/ more leeway in terms of security on my Linux box, but |
| 24 |
decided to install some form of DHCP just in case. Several of those |
| 25 |
packages have both clients and servers, with apparently no way to only |
| 26 |
install the client, short of hacking the ebuild. IMO, that's not the way |
| 27 |
it should be. Gentoo isn't supposed to work that way, and PARTICULARLY in |
| 28 |
this sort of instance, where getting mixed up in your configuration may |
| 29 |
mean you start the server instead of the client, is a security risk that |
| 30 |
simply shouldn't have to be there in the first place. |
| 31 |
|
| 32 |
I'm sure there are other instances... |
| 33 |
|
| 34 |
IMO as a Gentoo user... |
| 35 |
|
| 36 |
-- |
| 37 |
Duncan - List replies preferred. No HTML msgs. |
| 38 |
"Every nonfree program has a lord, a master -- |
| 39 |
and if you use the program, he is your master." Richard Stallman in |
| 40 |
http://www.linuxdevcenter.com/pub/a/linux/2004/12/22/rms_interview.html |
| 41 |
|
| 42 |
|
| 43 |
-- |
| 44 |
gentoo-dev@g.o mailing list |
Archives