From owner-freebsd-security  Sun Oct 17 10:39:32 1999
Delivered-To: freebsd-security@freebsd.org
Received: from faith.cs.utah.edu (faith.cs.utah.edu [155.99.198.108])
	by hub.freebsd.org (Postfix) with ESMTP id 3F3A414F1D
	for <freebsd-security@FreeBSD.ORG>; Sun, 17 Oct 1999 10:39:28 -0700 (PDT)
	(envelope-from danderse@faith.cs.utah.edu)
Received: (from danderse@localhost)
	by faith.cs.utah.edu (8.9.3/8.9.3) id LAA21629;
	Sun, 17 Oct 1999 11:39:10 -0600 (MDT)
From: David G Andersen <danderse@cs.utah.edu>
Message-Id: <199910171739.LAA21629@faith.cs.utah.edu>
Subject: Re: FreeSSH
To: jdn@acp.qiv.com (Jay Nelson)
Date: Sun, 17 Oct 1999 11:39:10 -0600 (MDT)
Cc: Cy.Schubert@uumail.gov.bc.ca, jwyatt@rwsystems.net,
	glewis@trc.adelaide.edu.au, freebsd-security@FreeBSD.ORG
In-Reply-To: <Pine.BSF.4.05.9910161845430.2099-100000@acp.qiv.com> from "Jay Nelson" at Oct 16, 99 07:19:47 pm
X-Mailer: ELM [version 2.4 PL25]
MIME-Version: 1.0
Content-Type: text/plain; charset=US-ASCII
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
X-Loop: FreeBSD.org

Given that it may take a lot of re-engineering to change the build process
to not install the packages in the first place, what if we changed the
installation to create a "virtual" package entry for them, so that 
an interested sysadmin could then use pkg_delete to nuke the components of
the package?  It would be easy enough to generate the packing list at
compile time, and then stuff it in a known location at build time.

This wouldn't save download time or initial space, but it *would*
help make the security goal easier, from my point of view.

  -Dave

Lo and behold, Jay Nelson once said:
> 
> On Sat, 16 Oct 1999, Cy Schubert - ITSD Open Systems Group wrote:
> 
> [snip]
> 
> >... I think that 
> >the bloat caused by UUCP, YP, NFS, and Sendmail is small.   For example 
> 
> I heartily agree. The nice thing about a "standard" system is that
> there are features you can count on. Many are not used on the typical
> installation, yet I rarely remove them unless there is a compelling
> reason -- things change over time.
> 
> Hell -- if we're going to get rid of "bloat", let's get rid of grep
> and sed, since very few newbies understand regular expressions -- or 
> the man pages -- few read them and they take up a _huge_ amount of
> space;)
> 
> (Only my 2 bits)
> 
> -- Jay
> 
> 
> 
> To Unsubscribe: send mail to majordomo@FreeBSD.org
> with "unsubscribe freebsd-security" in the body of the message
> 


-- 
work: dga@lcs.mit.edu                          me:  dga@pobox.com
      MIT Laboratory for Computer Science           http://www.angio.net/


To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message