On Thu, Sep 20, 2001 at 09:16:00PM +0200, Bill Allombert wrote: > What you really want to do is to implement > Recommanded-Conflicts: brokenmailer, etcpassoire, trivialtohackftpd > or even > Suggested-Conflicts: easyr00ted, lametelnetd > Right ? > > Well, creates an > harden-recommanded-conflicts package > that conflicts with brokenmailer, etcpassoire, trivialtohackftpd > and a harden-suggested-conflicts package > that conflicts with easyr00ted, lametelnetd > > Then make task-harden to Recommands: harden-recommanded-conflicts and > Suggests: harden-suggested-conflicts.
Well I'll have to make a lot of packages then: harden-servers-recommended-conflicts harden-servers-suggested-conflicts harden-clients-recommended-conflicts harden-clients-suggested-conflicts harden-localflaws-recommended-conflicts harden-localflaws-suggested-conflicts harden-remoteflaws-recommended-conflicts harden-remoteflaws-suggested-conflicts That sounds to me, to be quite a lot of unnecessary packages. > It is not the real things, but closer than removing packages, because > it last after installation.(your scheme does not prevend etcpassoire too > be installed after task-harden) > (the real thing woud be to have a handful of packages > harden-conflict-brokenmailer,harden-conflict-etcpassoire, > harden-conflict-trivialtohackftpd etc... that each conflicts with the > named package, but it lead to half dozen stupid virtual package more.) > > Also consider how works task-packages: Well I have changed task-harden to harden because it is not a real task package. Task packages should not conflict anything. Tasksel does not support that though (as I have heard). > It is an empty package. We install it. We got all the Depended, Recommended > packages. Afterward we can remove it safely, without affecting these > packages. > So if tasken-harden conflicts with easyr00ted and I really need/want > easyr00ted, I can remove task-harden after it has been successfully installed > and install easyr00ted. > > If too many people object that conflict in task package are evil, then > use an intermediate package as described above. The thing is that sometimes it is better to have a package installed than to remove it. For example the *flaws packages can change on the way. And if you do not note the REMOVE line when using apt and/or dselect you will suddenly have some packages removed. And that can be a bad thing if used on a production server. I have had quite a lot complains about that. But that is not the most informative part. Sometimes I want to ask the user if he/she want the package installed and inform about the risks. Information is a good part of securing the server. Regards, // Ola > HTH, > > Bill. <[EMAIL PROTECTED]> > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > -- --------------------- Ola Lundqvist --------------------------- / [EMAIL PROTECTED] Björnkärrsgatan 5 A.11 \ | [EMAIL PROTECTED] 584 36 LINKÖPING | | +46 (0)13-17 69 83 +46 (0)70-332 1551 | | http://www.opal.dhs.org UIN/icq: 4912500 | \ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 / ---------------------------------------------------------------
