From: Chris Gianelloni
To: gentoo-dev@lists.gentoo.org
Subject: Re: [gentoo-dev] Re: splitting one source package into many binaries
Date: Fri, 17 Jun 2005 09:56:52 -0400
Message-Id: <1119016612.13606.13.camel@cgianelloni.nuvox.net>
Organization: Gentoo Linux

On Fri, 2005-06-17 at 01:21 -0700, Duncan wrote:
> The client/server thing is a concern for me here, as well, for security
> reasons. If I don't have an SSH server merged, it can't inadvertently
> be turned on somehow. SSH is apparently a dependency for something I have
> merged, and currently, it includes the SSH server. That worries me, as
> it's a server component on a normally client system, and is thus a
> potential security vuln. IMO, having it there when it's not used and the
> human behind the machine has no intention of running it, is just /asking/
> for security issues. It shouldn't be there in the first place.
> Unfortunately, there's no USE flag to turn it off.

There is zero security risk unless you, as root, start the server.

> Similarly with a couple of the DHCP packages I was looking at a few weeks
> ago. I normally run static IPs on a LAN behind a NAPT based router,
> giving me a /bit/ more leeway in terms of security on my Linux box, but
> decided to install some form of DHCP just in case. Several of those
> packages have both clients and servers, with apparently no way to only
> install the client, short of hacking the ebuild. IMO, that's not the way
> it should be. Gentoo isn't supposed to work that way, and PARTICULARLY in
> this sort of instance, where getting mixed up in your configuration may
> mean you start the server instead of the client, is a security risk that
> simply shouldn't have to be there in the first place.

I think you have the wrong assumption here on how Gentoo is "supposed to
work". Gentoo ships packages as close to how upstream packages them as
possible. If you have a problem with the daemon being shipped with the
client, then complain upstream. We have always provided the package as
determined by upstream.

Splitting packages is a waste of developer time and also makes things
much more complex dependency-wise.

If you do not want the binary for the server installed, then edit the
ebuild yourself, remove the binary, or use INSTALL_MASK. It isn't like
we have not provided methods for you to do this yourself. You cannot
expect us to provide for every possible scenario and still get anything
accomplished.

-- 
Chris Gianelloni
Release Engineering - Strategic Lead/QA Manager
Games - Developer
Gentoo Linux

--
gentoo-dev@gentoo.org mailing list
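
The thread turns on the difference between a daemon being installed and a daemon being enabled. The script below is an added example, not part of the original message or of Portage, that reports which of the two states a daemon is in. It assumes the Gentoo layout (binary in /usr/sbin, one symlink per enabled service under /etc/runlevels/<level>/); the function names `daemon_state` and `make_sample_root` are hypothetical and the sample tree is constructed.

```shell
#!/bin/sh
# Added example, not from the original message.
# Assumed Gentoo layout: daemon binary in /usr/sbin, init script in /etc/init.d,
# and one symlink per enabled service in /etc/runlevels/<level>/.

# Print the state of daemon $2 under filesystem root $1 ("/" for the live system).
daemon_state() {
    root=${1%/} name=$2
    if [ ! -e "$root/usr/sbin/$name" ]; then
        echo absent                 # e.g. masked with INSTALL_MASK or removed by hand
        return 0
    fi
    for link in "$root"/etc/runlevels/*/"$name"; do
        # An unmatched glob stays literal and fails both tests.
        # -L catches runlevel symlinks whose target is missing.
        if [ -e "$link" ] || [ -L "$link" ]; then
            echo "enabled:$(basename "$(dirname "$link")")"
            return 0
        fi
    done
    echo installed-not-enabled      # on disk, but nothing starts it at boot
}

# Build a constructed sample tree: sshd installed but in no runlevel,
# dhcpd installed and added to the default runlevel, named not installed.
make_sample_root() {
    r=$(mktemp -d) || return 1
    mkdir -p "$r/usr/sbin" "$r/etc/init.d" "$r/etc/runlevels/default"
    : > "$r/usr/sbin/sshd";  : > "$r/etc/init.d/sshd"
    : > "$r/usr/sbin/dhcpd"; : > "$r/etc/init.d/dhcpd"
    ln -s /etc/init.d/dhcpd "$r/etc/runlevels/default/dhcpd"
    echo "$r"
}

sample=$(make_sample_root)
for d in sshd dhcpd named; do
    printf '%-6s %s\n' "$d" "$(daemon_state "$sample" "$d")"
done
rm -rf -- "${sample:?}"
```

The check covers boot-time enablement only; a daemon started by hand as root would show up in the process list and listening sockets, not in the runlevel directories.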