On 04/29/2014 05:47 PM, Marcelo Ricardo Leitner wrote:
> On 29-04-2014 18:27, Martin Langhoff wrote:
>> On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx
>> <mailto:h.reindl@xxxxxxxxxxxxx>> wrote:
>>
>>     defense in depth means limit the attack surface as much as you can
>>
>>
>> As folks are trying to point out to you, these principles are well
>> understood in this group.
>>
>> However, _any minimally usable environment will have a scripting engine_
>> -- /bin/sh, python, and having _any_ of those general purpose tools
>> available is enough for the attacker.
>>
>> On your own machines, you might gain some (limited) advantage removing
>> some of them.
>>
>> Fedora and its derivatives, OTOH, are a large enough target that it's
>> worth for attackers to tailor attacks to it. So removing some tools
>> won't do much, and removing _all_ tools will ruin everyone's day.
>
> Hm? Okay, thread got long, but I don't recall anybody saying to remove
> scripting engines & etc. The point always was being able to have
> docker images without systemd, just because it's just not needed in
> there, and the thread got drifted away on 'may or not be a security
> liability'.
>
> It's part of getting Fedora somewhat optimized for containers.
>
> Anyway, sounds like we have even already agreed to remove the
> Requires, if I'm reading the thread correctly. So yeah, nothing much
> left to discuss in here ;)
>
> Cheers,
> Marcelo
>
I agree, where do I open a bugzilla to make this happen? rpm? Distro? Systemd?

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct