Re: "hard core" linux


 



Russell Coker wrote:

> Sure, if you are prepared to pull out so much desktop stuff then that's a possibility. I was assuming that you wouldn't want to make such radical changes.

I'll have to try it and see how bad it is. I've got an "everything install" of FC4 that I can do surgery on.

If I have to destroy my desktop to excise the media player, then there are too many dependencies -- and it's starting to feel like Microsoft territory, where Microsoft went on for years insisting that it was impossible to sell Windows w/o Windows Media Player.

> Surely there's a way of preventing that, I don't know enough about rpm dependencies to know how to do it, but it must be possible.

I'll have to look into that.

> Also if you install tar-balls in /usr/local then you have no way of tracking files and versions which may have security implications if there are SUID or SGID programs.

I never install binary tarballs in /usr/local unless there's a reason why I can't build it myself.

The configuration management problem for files managed by sysadmins is a general problem. Just the other day me and another sysadmin on a Solaris system were wondering who added a user to /etc/passwd. It wasn't a security problem, but the user who created it didn't go through the right channels to create users. It would be nice to be able to see who did it when. There's tripwire (too slow, too hard to configure) and a number of lightweight imitators. Type-A sysadmins probably like systems like tripwire, but I'd rather have some dnotify-based 'spyware' that keeps track of what I have in /usr/local/

You also take risks running out of rpm -- unless you're willing to make your own rpms (all the same work to compile from source and then some) you have to wait for somebody else to package something as an rpm. For instance, I'd never run the Apache rpm that comes with Fedora/RHEL on a production system because I like to know what's in my Apache... Fedora seems to be a bit fresher, but I doubt that RHEL has updated Apache 2 promptly with every version that comes out -- and I had a rough ride with Apache 2 until 2.0.54.

If I had to maintain a large cluster of machines, I might have a different opinion.

That said, media players ~are~ pretty dangerous, since they play files that people get off the net -- we've seen exploits against zlib, winamp.... (Although stackguard is going to help and more people will try to hit Win32 than Linux.)




--
fedora-devel-list mailing list
fedora-devel-list@xxxxxxxxxx
http://www.redhat.com/mailman/listinfo/fedora-devel-list
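
A snapshot-and-compare sketch of the lightweight /usr/local tracking discussed in the message above, added here as an example (not code from the thread, from tripwire, or from any project named in it). It polls rather than using dnotify, records what changed but not who changed it, and all function names are hypothetical.

```python
import hashlib, os, stat, tempfile

def snapshot(root):
    """Map each regular file under root to (sha256, mode bits, uid, gid)."""
    snap = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            path = os.path.join(dirpath, name)
            st = os.lstat(path)
            if not stat.S_ISREG(st.st_mode):
                continue  # skip symlinks, devices, sockets
            with open(path, "rb") as fh:
                digest = hashlib.sha256(fh.read()).hexdigest()
            snap[os.path.relpath(path, root)] = (
                digest, stat.S_IMODE(st.st_mode), st.st_uid, st.st_gid)
    return snap

def is_setid(mode):
    return bool(mode & (stat.S_ISUID | stat.S_ISGID))

def diff(old, new):
    """Return (event, path) tuples sorted by path; a changed or new file
    that is SUID/SGID in the new snapshot gets a '+setid' suffix."""
    events = []
    for path in sorted(set(old) | set(new)):
        before, after = old.get(path), new.get(path)
        if before == after:
            continue
        if before is None:
            kind = "added"
        elif after is None:
            kind = "removed"
        elif before[0] != after[0]:
            kind = "content"
        else:
            kind = "metadata"  # mode or ownership changed, bytes did not
        if after is not None and is_setid(after[1]):
            kind += "+setid"
        events.append((kind, path))
    return events

def demo():
    """Constructed sample tree standing in for /usr/local."""
    with tempfile.TemporaryDirectory() as root:
        os.mkdir(os.path.join(root, "bin"))
        tool = os.path.join(root, "bin", "tool")
        with open(tool, "w") as fh:
            fh.write("v1")
        os.chmod(tool, 0o755)
        baseline = snapshot(root)
        os.chmod(tool, 0o4755)  # someone makes the tool SUID
        with open(os.path.join(root, "bin", "extra"), "w") as fh:
            fh.write("x")
        return diff(baseline, snapshot(root))
```

Storing the baseline somewhere the monitored account cannot write keeps a later comparison meaningful.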
