From owner-freebsd-questions Thu Jan 23 13:10: 8 2003 Delivered-To: freebsd-questions@freebsd.org Received: from mx1.FreeBSD.org (mx1.freebsd.org [216.136.204.125]) by hub.freebsd.org (Postfix) with ESMTP id 7F00937B405 for ; Thu, 23 Jan 2003 13:10:06 -0800 (PST) Received: from pd3mo3so.prod.shaw.ca (shawidc-mo1.cg.shawcable.net [24.71.223.10]) by mx1.FreeBSD.org (Postfix) with ESMTP id 9830C43EB2 for ; Thu, 23 Jan 2003 13:10:04 -0800 (PST) (envelope-from jens@zoology.ubc.ca) Received: from pd5mr2so.prod.shaw.ca (pd5mr2so-qfe3.prod.shaw.ca [10.0.141.233]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H96009IPQSSLF@l-daemon> for freebsd-questions@freebsd.org; Thu, 23 Jan 2003 14:10:04 -0700 (MST) Received: from pn2ml3so.prod.shaw.ca (pn2ml3so-qfe0.prod.shaw.ca [10.0.121.147]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.8 (built May 12 2002)) with ESMTP id <0H96002SNQSRG7@l-daemon> for freebsd-questions@freebsd.org; Thu, 23 Jan 2003 14:10:03 -0700 (MST) Received: from [10.112.119.100] (h24-68-118-117.vc.shawcable.net [24.68.118.117]) by l-daemon (iPlanet Messaging Server 5.1 HotFix 0.6 (built Apr 26 2002)) with ESMTP id <0H96009DEQSR34@l-daemon> for freebsd-questions@freebsd.org; Thu, 23 Jan 2003 14:10:03 -0700 (MST) Date: Thu, 23 Jan 2003 13:10:01 -0800 From: Jens Haeusser Subject: Re: Installing Stripped System In-reply-to: To: Paul Everlund Cc: freebsd-questions@freebsd.org Message-id: MIME-version: 1.0 Content-type: text/plain; charset=US-ASCII Content-transfer-encoding: 7BIT User-Agent: Microsoft-Entourage/10.1.0.2006 Sender: owner-freebsd-questions@FreeBSD.ORG Precedence: bulk List-ID: List-Archive: (Web Archive) List-Help: (List Instructions) List-Subscribe: List-Unsubscribe: X-Loop: FreeBSD.ORG On 1/23/03 2:30 AM, "Paul Everlund" wrote: > On Thu, 23 Jan 2003, Jens Haeusser wrote: > >> I'd like to install a system lacking some of the binaries you can >> specify as make.conf knobs, such as >> >> NO_I4B= true >> NO_IPFILTER= true >> NOGAMES= true >> NOUUCP= true >> NO_SENDMAIL= true > > I have been thinking that those "knobs" should have their own > pkg-plist which one could use for deleting the binaries. Also one > must take in concern dependencies of those "knobs"... I've always thought that the entire base system should have it's own package/port system. That way, you could easily remove the bits you don't want (remove UUCP from a fileserver, remove gcc from a firewall, etc). As well, this would make security/other upgrades much easier. Telnet has a remote hole? Simply upgrade the base-telnet port. OpenSSL has a problem? Upgrade the base-OpenSSL port, which will take care of rebuilding any other dependant base-ports. This should also make binary upgrades easier if it included proper packages. It could certainly simplify the whole track the security branch, spend hours making install/buildworld every few weeks issue. Ah well, I can always dream. Jens Haeusser Network Manager Zoology, UBC To Unsubscribe: send mail to majordomo@FreeBSD.org with "unsubscribe freebsd-questions" in the body of the message