On 10/30/2010 05:09 AM, Markos Chandras wrote:
> On Sat, Oct 30, 2010 at 10:05:17AM +0400, Peter Volkov wrote:
>> В Птн, 29/10/2010 в 09:11 -0700, Alec Warner пишет:
>>> On Fri, Oct 29, 2010 at 5:21 AM, Markos Chandras <hwoar...@gentoo.org> 
>>> wrote:
>>> Can I install a machine with the server profile and USE=-ldap, but
>>> still get ldap + pam working?
>>> Can I install a machine with the server profile and USE=-apache, but
>>> still get apache + php working?  apache + rails?
>>> How many packages support each USE flag?
>>> How many of those packages have IUSE defaults for +ldap or +apache already?
>>
>> Having lxc/openvz/vserver technologies at hand it's not rare to split
>> LAMP server into a number of virtual servers (containers): mysql /
>> backend with php / frontend / smtp - everything sits in its own
>> container. And USE=apache will be used only in _one_ container. Also not
>> all servers are web servers. So IMO server profile should be just
>> minimal profile that hints users that this profile will stay minimal and
>> usable for all kinds of servers. That said I think server profile is
>> useless and for servers I maintain my own profiles.
>>
>> -- 
>> Peter.
>>
>>
> Exactly! How about the warning message. Should the statement about
> gcc+glibc be removed and keep the one about hardened but make it a bit
> different?Like "This profile is making use of a minimal set of use flag.
> You may find it useful in a server environment. However, If you are seeking
> for extra security, please check the Hardened project
> (http://hardened.gentoo.org)."
> 

What exactly is the intended use of the server flag?

When I want a minimal image, I usually just use the default profile.
That is pretty-much a bare-bones gentoo install.  I can see the use of
desktop, and I can see the use of hardened.  Right now server just looks
like default with random stuff for various kinds of servers added.

I could see if server had a different set of keywords and QA policy
(like debian stable), or if there were a set of use flags that would be
universally useful on a server and not on a desktop.

Right now it just seems like the server profile exists since lots of
other distros have server editions, so we should too.  If that is the
case, why not just point users to the default profile, or hardened?'

I'd be curious what the users of the server profile say.  If anything
they are the ones we should be listening to since they've found a use
for it.

Rich

Reply via email to