| 1 |
On Tue, 2006-02-28 at 09:01 -0600, MIkey wrote: |
| 2 |
> Patrick, lack of server support in the profiles is the bane of my existence. |
| 3 |
> Thank you for starting to address it. |
| 4 |
It's a known deficiency, so we should fix it :-) |
| 5 |
|
| 6 |
> I would prefer for it to be kept as simple and stripped down, as possible. |
| 7 |
> Particularly get rid of all of the USE flags that end up pulling in |
| 8 |
> X/gnome/multimedia related packages without manually editing portage |
| 9 |
> related files. Don't assume all users want to use all things by default, |
| 10 |
> pam and gpm, for examples. |
| 11 |
gpm yes, pam no. Anyone not using pam should know how to change that, as a default it is "good enough" |
| 12 |
|
| 13 |
> Here is my list of USE flags present in the 2006.0 profile that don't belong |
| 14 |
> in a basic server profile: |
| 15 |
> |
| 16 |
> X alsa apache2 apm arts avi bitmap-fonts cups eds emboss encode esd |
| 17 |
> foomaticdb gif gnome gpm gstreamer gtk gtk2 imlib ipv6 jpeg kde libg++ |
| 18 |
> libwww mad mikmod motif mp3 mpeg ogg opengl oss pam pdflib perl png python |
| 19 |
> qt quicktime readline sdl spell truetype truetype-fonts type1-fonts vorbis |
| 20 |
> xmms xv |
| 21 |
Right. What's left after removing those? |
| 22 |
(/me is lazy) |
| 23 |
> Any competent server administrator should know to select which apache they |
| 24 |
> want, which additional flags to add for php, and so on. |
| 25 |
I would not mind a few sane default flags. Having to enable 15 flags just to get php working is annoying and should be avoided if possible |
| 26 |
But I'm willing to compromise there as long as it's documented :-) |
| 27 |
|
| 28 |
> As far as the hardened, I would prefer separate profiles be created for |
| 29 |
> them. Not everyone who runs servers knows how to use them :) |
| 30 |
You shouldn't have to know how SSP works as long as it doesn't cause breakage and makes your system more secure. |
| 31 |
I'd like to have as much as possible enabled without reducing usability. |
| 32 |
|
| 33 |
> And finally, mask out php5 and newer versions of mysql until they work with |
| 34 |
> the majority of packages in portage :) |
| 35 |
I think if you create a new profile you can make disruptive changes, |
| 36 |
so ... why not mask the "bad" packages? :-) |
| 37 |
|
| 38 |
I think we have two groups of users here: |
| 39 |
- people who want a really minimal base to build upon |
| 40 |
- people who are lazy and want stuff to work out-of-the-box |
| 41 |
|
| 42 |
Using stacked profile might help here with a "minimal" and a "default" |
| 43 |
profile, but that'll be more work to maintain. |
| 44 |
|
| 45 |
|
| 46 |
Patrick |
| 47 |
-- |
| 48 |
Stand still, and let the rest of the universe move |
Archives