On Sat, 2005-06-18 at 05:17 -0700, Duncan wrote: > > There is zero security risk unless you, as root, start the server. > > I get the point, but if it's not there to be started, it cannot be > started, thru some fat-fingering on the part of a confused admin trying to > launch the client, or any other way. If it's needed, that's one thing, but > if it's not needed, it shouldn't be there. USE flags (not split > packages, I'll absolutely agree there) are the Gentoo way to control that.
http://bugs.gentoo.org/show_bug.cgi?id=12499 Personally, I am completely against it. It makes dependencies a complete nightmare to work with and would add an immense amount of complexity for the developers and also for users that aren't going to need/use this system. You have the tools to remove the binaries already. Use them. > > I think you have the wrong assumption here on how Gentoo is "supposed to > > work". Gentoo ships packages as close to how upstream packages them as > > possible. If you have a problem with the daemon being shipped with the > > client, then complain upstream. We have always provided the package as > > determined by upstream. Splitting packages is a waste of developer time > > and also makes things much more complex dependency-wise. > > Gentoo Philosophy page: "The Gentoo philosophy is to allow this user to > do what he or she wants to do, without getting in the way." ...and you can. You can write your own ebuild or use INSTALL_MASK. Allowing the user to do what he wants doesn't mean that *we* have to do it for them. > Of course, there's a practical limit to that. However, a simple > "clientonly" USE flag on client/server combo packages such as ssh and > dhcp would appear to be entirely within the Gentoo spirit, and generally > would require no more work than is already done in support of all sorts of > other USE flags. Simply don't compile or install the server, if a separate > binary from the client, and don't include /etc/init.d server starter > scripts (like sshd) and the like, if the clientonly USE flag is set. See my comments about writing your own ebuild or using INSTALL_MASK. It's always easy for someone to suggest how "easy" something may or may not be when they aren't the one that has to do the work... ;] We have provided methods for you to accomplish what you want. You do not want to use them or do not find them adequate. I can understand that. You need to understand, however, that we simply might not make any changes because we feel what we have provided is adequate and don't feel like taking on the extra work required to change the hundreds of packages in portage that this would affect. -- Chris Gianelloni Release Engineering - Strategic Lead/QA Manager Games - Developer Gentoo Linux
signature.asc
Description: This is a digitally signed message part