On Wed, Mar 2, 2011 at 11:54 PM, Klaus Ethgen <kl...@ethgen.de> wrote: > -----BEGIN PGP SIGNED MESSAGE----- > Hash: SHA512 > > Am Mi den 2. Mär 2011 um 18:25 schrieb Bastien ROUCARIES: >> More and more packages depend on avahi aka zeroconf. I have found some >> information on http://wiki.debian.org/ZeroConf >> >> Because I work in a untrusted work place and home network (public networks, >> wifi...) I whish to purge zeroconf functionnality. > > I fighted this bunch of functionality since long ago. The whole zerconf > stuff is only useful in secure and clear defined environments. But there > you don't need it anyway. > > With zeroconf there is some thinks that play together and has to be > killed: > - - avahi (-daemon) -- as you find by yourself -- and the packages > zeroconf, libnss-mdns, avahi-autoipd, avahi-daemon. > - - The package slpd > - - The linklocal route (169.254.0.0)
Ok so this package should be marked as suggest only ? Will fill bug, if needed as a whislist level. >> Does avahi could be disable (using kernel level firewalling is not from my >> point of view a solution) ? > > See above. > >> And more specifically from an administrator point of view does avahi could >> library could be made purgeable and no more than suggest >> dependencies (I am willing to fill a mass bug report because purging avahi >> will purge gnome and kde ...) ? > > Well, as I do not use gnome nor kde I am not concerned from this > dependencies. > >> And moreover could you give a clear answer about the security risk on >> untrusted network ? > > That is difficult. It depends on the environment. If you have a clear > and secure environment, zeroconf is not that insecure. But in all other > environments you do not want to have it. Ok so a telnet equivalent from a security point of view... Regards Bastien > Regards > Klaus -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/AANLkTimVgZuWM-btAmjJeT1+goPrqtUR2PY2yBG=4...@mail.gmail.com
