On 2/26/07, Duncan <[EMAIL PROTECTED]> wrote:
Chris Gianelloni <[EMAIL PROTECTED]> posted
[EMAIL PROTECTED], excerpted below, on Sun,
25 Feb 2007 21:14:22 -0500:
Doncan inquired...
>> Why is openssh (as virtual/ssh) part of the desktop profiles?
>
> Uhh... Because I like it and people expect it to be there. You're more
> than capable of removing it from your system.
>
>> Anyway, I think at least a discussion might be worthwhile, and I
>> decided to bring it up here to see what desktop folks thought, before
>> bothering the entire dev list with the idea. If it gets shot down
>> here, then no need to bring it up there. I keep thinking that
>> /someone/ must have asked the question before, but I haven't seen it in
>> three years now, so it can't be /too/ much of a FAQ.
>
> Feel free to bring it up, but the desktop profile is maintained by
> Release Engineering since it is used to build release media. I have no
> intentions on removing it, since I see it as invaluable, but if a
> convincing enough argument were made, I could see *some* concessions on
> it. My personal belief is that the profiles shouldn't be removing
> requirements on things unless they're incompatible.
Well, my only argument is the accepted wisdom that any app left installed
but unused on a system, particularly if it's a net app, is a security
vulnerability only waiting a most inconvenient time to show itself.
As I said, for some reason package.provided simply isn't working for ssh
ATM, for whatever reason. However, it's brought in by virtual/ssh, and
by creating an /etc/portage/profiles/virtuals and pointing virutal/ssh at
something convenient, in this case baselayout, I cured the problem a
different way. =8^)
Having safely hidden the system-dep-that-isn't-a-dep once again, it's not
a big enough deal to find the motivation to be all that convincing if the
above argument doesn't do it, so well enough left alone... until the next
time it wants to merge for whatever reason. =8^)
I don't believe that the service is turned on by default, even if it is
installed by default. You must do rc-update add sshd default before it
become as security vulnerability. And if you've ever used fish:// you'd know
just how useful ssh can be in a desktop profile.
--
Duncan - List replies preferred. No HTML msgs.
"Every nonfree program has a lord, a master --
and if you use the program, he is your master." Richard Stallman
--
[email protected] mailing list
--
In vino veritas.
[In wine there is truth.]
-- Pliny
