From owner-freebsd-security  Tue Jun 25  1:26:12 2002
Delivered-To: freebsd-security@freebsd.org
Received: from c18070.belrs1.nsw.optusnet.com.au (c18070.belrs1.nsw.optusnet.com.au [210.49.78.171])
	by hub.freebsd.org (Postfix) with SMTP id A332437B401
	for <security@FreeBSD.ORG>; Tue, 25 Jun 2002 01:25:56 -0700 (PDT)
Received: (qmail 18964 invoked from network); 25 Jun 2002 08:25:32 -0000
Received: from unknown (HELO optusnet.com.au) (unknown)
  by unknown with SMTP; 25 Jun 2002 08:25:32 -0000
Message-ID: <3D182912.2060306@optusnet.com.au>
Date: Tue, 25 Jun 2002 18:25:54 +1000
From: Antony Mawer <antonym@optusnet.com.au>
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.1a) Gecko/20020613
X-Accept-Language: en-au, en-us, en
MIME-Version: 1.0
To: "Matthew N. Dodd" <winter@jurai.net>
Cc: Darren Reed <avalon@coombs.anu.edu.au>, security@FreeBSD.ORG
Subject: Re: Time to look put more resources into FreeSSH ?
References: <20020625035702.F95270-100000@sasami.jurai.net>
Content-Type: text/plain; charset=us-ascii; format=flowed
Content-Transfer-Encoding: 7bit
Sender: owner-freebsd-security@FreeBSD.ORG
Precedence: bulk
List-ID: <freebsd-security.FreeBSD.ORG>
List-Archive: <http://docs.freebsd.org/mail/> (Web Archive)
List-Help: <mailto:majordomo@FreeBSD.ORG?subject=help> (List Instructions)
List-Subscribe: <mailto:majordomo@FreeBSD.ORG?subject=subscribe%20freebsd-security>
List-Unsubscribe: <mailto:majordomo@FreeBSD.ORG?subject=unsubscribe%20freebsd-security>
X-Loop: FreeBSD.org

Matthew N. Dodd wrote:
> I see no problem with having a set of 'default packages' installed by
> sysinstall.

A very valid point. It also means that it's far easier to build a 
stripped-down system. Ideally, it'd be nice to have a minimal base 
system with just the essentials and package management tools, and then 
have an assortment of packages that can be installed. Then, as part of 
the install, things like OpenSSH, Perl are selected to be installed by 
default, but can be de-selected for a "lean" install.

The only downside I can see to this is that it requires "more" to keep a 
system up-to-date than a make world/mergemaster; however, I'd imagine it 
then makes updating software a lot easier than having to merge the code 
into the base system like we presently have.

The more modular, the better.

-Antony



To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-security" in the body of the message