From: Vano D
Reply-To: gentoo-dev@europeansoftware.com
To: gentoo-dev@gentoo.org
Subject: Re: [gentoo-dev] Gentoo Embedded
Date: Thu, 30 Oct 2003 00:35:37 +0100
Message-Id: <1067470537.4944.50.camel@gentoo.europeansoftware.com>
In-Reply-To: <20031029212939.0e0c7eee.spider@gentoo.org>
References: <1067271771.28314.8.camel@morello> <20031027213515.GA30120@redhate.futuretel.com> <200310281010.08694.pauldv@gentoo.org> <1067358252.4856.2.camel@gentoo.europeansoftware.com> <20031029212939.0e0c7eee.spider@gentoo.org>

On Wed, 2003-10-29 at 21:29, Spider wrote:
> > I wonder if it would be possible to somehow remotely "mount" the rest of
> > the stuff such as gcc/python etc.. as with portage. So this way the
> > system would be completely clean and when it needs to be updated a
> > script would mount/link the tools from a remote system and after it's
> > done upgrading it would unlink and we are left with a lean clean
> > system.
>
> http://ovlfs.sf.net/ (if I recall correctly) might be the thing here.

What an idea! Never thought of such a thing. Definitely worth a look.

> Another alternative is to use a staging machine to build binaries, then
> simply untar the .tbz2 files, instead of using portage to do it. (evil
> solution actually ;)
> After that, some manual pruning should get the things in order.

Yeah really evil. I guess this is what some people do.
But I would prefer to have portage do the stuff instead of getting worried
that I might have forgotten to fix a file or something..

> Though, for a server you don't gain anything in security by removing
> compilers and development tools. Perhaps in complexity and size, though.

Well. Regarding security that is a bit relative. You do gain in the sense
that the cracker has one less tool/option at hand and hence you gain a
little bit more of the higher ground against the attacker. The fewer
options/possibilities the cracker has, the harder (even if it's only a
little bit) it gets to penetrate (although not impossible of course).

Also, as you state, it is nice to have a simple clean lean system with a
small footprint.

I really don't know how valid my assumptions are, but I am willing to give
it a shot to see what comes out of a de-Gentooizable Gentoo ;)

Cheers,
Vano

--
gentoo-dev@gentoo.org mailing list