On Wed, 30.04.14 09:44, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:

>
> On 04/29/2014 05:47 PM, Marcelo Ricardo Leitner wrote:
> > On 29-04-2014 18:27, Martin Langhoff wrote:
> >> On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald <h.reindl@xxxxxxxxxxxxx
> >> <mailto:h.reindl@xxxxxxxxxxxxx>> wrote:
> >>
> >>     defense in depth means limit the attack surface as much as you can
> >>
> >>
> >> As folks are trying to point out to you, these principles are well
> >> understood in this group.
> >>
> >> However, _any minimally usable environment will have a scripting engine_
> >> -- /bin/sh, python, and having _any_ of those general purpose tools
> >> available is enough for the attacker.
> >>
> >> On your own machines, you might gain some (limited) advantage removing
> >> some of them.
> >>
> >> Fedora and its derivatives, OTOH, are a large enough target that it's
> >> worth for attackers to tailor attacks to it. So removing some tools
> >> won't do much, and removing _all_ tools will ruin everyone's day.
> >
> > Hm? Okay, thread got long, but I don't recall anybody saying to remove
> > scripting engines & etc. The point always was being able to have
> > docker images without systemd, just because it's just not needed in
> > there, and the thread got drifted away on 'may or not be a security
> > liability'.
> >
> > It's part of getting Fedora somewhat optimized for containers.
> >
> > Anyway, sounds like we have even already agreed to remove the
> > Requires, if I'm reading the thread correctly. So yeah, nothing much
> > left to discuss in here ;)
> >
> > Cheers,
> > Marcelo
> >
> I agree, where do I open a bugzilla to make this happen? rpm? Distro?
> Systemd?

File an FPC ticket first.

https://fedorahosted.org/fpc/

Lennart

--
Lennart Poettering, Red Hat
--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct