Em 29-04-2014 18:27, Martin Langhoff escreveu:
On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx
<mailto:h.reindl@xxxxxxxxxxxxx>> wrote:
defense in depth means limit the attack surface as much as you can
As folks are trying to point out to you, these principles are well
understood in this group.
However, _any minimally usable environment will have a scripting engine_
-- /bin/sh, python, and having _any_ of those general purpose tools
available is enough for the attacker.
On your own machines, you might gain some (limited) advantage removing
some of them.
Fedora and its derivatives, OTOH, are a large enough target that it's
worth for attackers to tailor attacks to it. So removing some tools
won't do much, and removing _all_ tools will ruin everyone's day.
Hm? Okay, thread got long, but I don't recall anybody saying to remove
scripting engines & etc. The point always was being able to have docker
images without systemd, just because it's just not needed in there, and
the thread got drifted away on 'may or not be a security liability'.
It's part of getting Fedora somewhat optimized for containers.
Anyway, sounds like we have even already agreed to remove the Requires,
if I'm reading the thread correctly. So yeah, nothing much left to
discuss in here ;)
Cheers,
Marcelo
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct
