:: Re: [DNG] Why Debian 8 Pinning is (…
Top Page
Delete this message
Reply to this message
Author: Rick Moen
Date:  
To: dng
Subject: Re: [DNG] Why Debian 8 Pinning is (or isn't) pointless
Quoting dev (devuan.2@???):

> On systems where security and stability are important, needless
> dependencies and pointless software expose a broader attack surface.


Generically, yes.

I definitely always appreciate having less unwanted code on my system,
particularly code that ever runs with elevated privilege. Short of
Gentoo-style local building of packages and tweaking build options, it's
non-trivial to do that, though.

I've covered a couple of the ways to do that. If you have practical
suggestions rather than just vague philophising, I'm still waiting to
hear them.

> On server systems, it's considered best practice to install the
> minimal amount of software needed for the running services, and no
> more.


You're aware that I'm a sysadmin, right? Just checking.

> Historically speaking, most Linux distros easily strip-down this
> way.


Yeah, right. Thus the Kerberos libraries for /usr/bin/ssh. *headdesk*

> Systemd seems well on it's way to reverse that. I would say
> that is most certainly of "particular importance"


We weren't talking about that, though, only libsystemd0.

(Seriously, guys, you do need to FAQ that.)