Johnny Hughes wrote:
The thing I always wanted from an 'everything' install was the expertise
of the distribution packager as to whether something would likely be
useful to have installed. Someone, somewhere must have known enough
about the packages to decide what was worth including in the
distribution. I'd take their word for whether it should be on my hard
disk or not.
If the distribution packager wanted you to install everything, there
would not
be any options of what to install. It would always be an "everything"
install.
Not true. There was a time when distributions included "everything" as
one among several more specialized and limited choices. Now you only
get the limited versions.
I have been guilty of an "everything" install in the past. It is much harder
to remove things that you are not sure you need than it is to just install
something you do need. If you are doing something that requires a new bit of
fluff, you just need to "yum install fluff" and now you have it. I think you
learn much more by knowing what and why you install something.
Look at the RedHat security report in the thread entitled:
"security report from RHEL's Mark Cox"
You will see a 20x increase (from 3 to 60) of non-browser "Critical"
security issues if you move from a "Default Install" to full install.
Note: That is not moving from a minimal install (with many fewer
issues) ... but the default install (with GUI, Gnome, etc.) to a full
install.
That's not the way I read it. The 3 is for a default AS install. A
default WS install is 53 with the bulk of the difference coming from the
mozilla family that you absolutely would want to have on a
desktop/development/general purpose box.
Not only are you GREATLY increasing your risk by doing a full
install ... the riskiest items are the ones that you don't use (or even
know what they do) that are enabled in their default setup conditions as
part of the everything install. If you turn off items that you don't
need that enable listening ports it will mitigate this issue somewhat.
It is not just a little bit of extra hard drive space ... it is a
potential way to get your machine taken over and root kitted.
Agreed for single-purpose machines, and tolerable for machines where all
users are allowed to become root and install things as needed. No one
has posted a solution for a multiuser, general purpose box yet.
But then again, what do I know Linux or CentOS.
You have added yet another reason why it should be the experts familiar
with all the packages that pick a complete general-purpose list instead
of end users guessing at it. Checking all of the choices sort-of works
but it's not clear that it gives the best selection.
--
Les Mikesell
lesmikesell@xxxxxxxxx
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
