Author: Rick Moen Date: To: dng Subject: Re: [DNG] Why Debian 8 Pinning is (or isn't) pointless
Quoting dev (devuan.2@???):
> On systems where security and stability are important, needless
> dependencies and pointless software expose a broader attack surface.
Generically, yes.
I definitely always appreciate having less unwanted code on my system,
particularly code that ever runs with elevated privilege. Short of
Gentoo-style local building of packages and tweaking build options, it's
non-trivial to do that, though.
I've covered a couple of the ways to do that. If you have practical
suggestions rather than just vague philophising, I'm still waiting to
hear them.
> On server systems, it's considered best practice to install the
> minimal amount of software needed for the running services, and no
> more.
You're aware that I'm a sysadmin, right? Just checking.
> Historically speaking, most Linux distros easily strip-down this
> way.
Yeah, right. Thus the Kerberos libraries for /usr/bin/ssh. *headdesk*
> Systemd seems well on it's way to reverse that. I would say
> that is most certainly of "particular importance"
We weren't talking about that, though, only libsystemd0.