On Wed, Mar 02, 2011 at 10:24:36PM +0100, Josselin Mouette wrote: > Le mercredi 02 mars 2011 à 18:25 +0100, Bastien ROUCARIES a écrit : > > And more specifically from an administrator point of view does avahi > > could library could be made purgeable and no more than suggest > > dependencies (I am willing to fill a mass bug report because purging > > avahi will purge gnome and kde ...) ? > > As Philipp pointed out, only gnome depends on it, and that’s not > gnome-desktop-environment. You can use the latter if you want only the > official GNOME desktop.
gnome-desktop-environment Depends: gnome-user-share Depends: libapache2-mod-dnssd Depends: avahi-daemon Recommends: telepathy-salut Depends: avahi-daemon > > And moreover could you give a clear answer about the security risk on > > untrusted network ? > > I’d say Avahi is mostly as insecure as the services that use it for > advertising. A client system is not supposed to run any public network services, especially not in the default config. I have never in my life felt the need to do anything provided by either gnome-user-share or telepathy-salut (or anything that has to do with telepathy for that matter), and I doubt most users have either. None of them do anything good unless configured, too. Having them installed by default might make sense, disk space is cheap and non-technical users are not supposed to apt-get things every time they use an optional part of Gnome -- but why the system would bear a security risk when none of the programs involved were ever run is beyond me. When an user actually uses that "easy file sharing" or link-local instant messaging, avahi could be started, but there's no reason to do that before. This goes in contrast to actual server daemons which are installed by a conscious action by the sysadmin, and thus can be expected to be running by default. -- 1KB // Microsoft corollary to Hanlon's razor: // Never attribute to stupidity what can be // adequately explained by malice. -- To UNSUBSCRIBE, email to debian-devel-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/20110302233326.ga9...@angband.pl