On 05/02/2014 06:32 AM, Lennart Poettering wrote:
> On Wed, 30.04.14 09:44, Daniel J Walsh (dwalsh@xxxxxxxxxx) wrote:
>
>> On 04/29/2014 05:47 PM, Marcelo Ricardo Leitner wrote:
>>> On 29-04-2014 18:27, Martin Langhoff wrote:
>>>> On Tue, Apr 29, 2014 at 5:12 PM, Reindl Harald
>>>> <h.reindl@xxxxxxxxxxxxx> wrote:
>>>>
>>>> defense in depth means limit the attack surface as much as you can
>>>>
>>>>
>>>> As folks are trying to point out to you, these principles are well
>>>> understood in this group.
>>>>
>>>> However, _any minimally usable environment will have a scripting engine_
>>>> -- /bin/sh, python, and having _any_ of those general purpose tools
>>>> available is enough for the attacker.
>>>>
>>>> On your own machines, you might gain some (limited) advantage removing
>>>> some of them.
>>>>
>>>> Fedora and its derivatives, OTOH, are a large enough target that it's
>>>> worth for attackers to tailor attacks to it. So removing some tools
>>>> won't do much, and removing _all_ tools will ruin everyone's day.
>>> Hm? Okay, thread got long, but I don't recall anybody saying to remove
>>> scripting engines & etc. The point always was being able to have
>>> docker images without systemd, just because it's just not needed in
>>> there, and the thread got drifted away on 'may or not be a security
>>> liability'.
>>>
>>> It's part of getting Fedora somewhat optimized for containers.
>>>
>>> Anyway, sounds like we have even already agreed to remove the
>>> Requires, if I'm reading the thread correctly. So yeah, nothing much
>>> left to discuss in here ;)
>>>
>>> Cheers,
>>> Marcelo
>>>
>> I agree, where do I open a bugzilla to make this happen? rpm? Distro?
>> Systemd?
> file a fpc ticket first.
>
> https://fedorahosted.org/fpc/
>
> Lennart
>
I did.

--
devel mailing list
devel@xxxxxxxxxxxxxxxxxxxxxxx
https://admin.fedoraproject.org/mailman/listinfo/devel
Fedora Code of Conduct: http://fedoraproject.org/code-of-conduct