On Mon, Nov 01, 2010 at 08:41:34PM +0300, Peter Volkov wrote:
> В Вск, 31/10/2010 в 16:38 +0200, Alex Alexander пишет:
> > On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote:
> > > On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote:
> > > > Isn't this essentially what the default profile is?  Basically server is
> > > > just default + USE="apache2 ldap mysql snmp truetype xml".
> > > Well it shouldn't be like that. And if the default profile is pretty
> > > much the same as the server one, then please consider removing the
> > > server profile as it makes no sense then
> > 
> > Please don't. The fact that there are only a few changes doesn't make it
> > useless. Also, you'd be forcing all users currently using the profile to
> > migrate without any real reason.
> 
> But what is the target group of this profile? It sets only 6 USE flags
> that are really useless on half of servers (e.g. VPN/mail server). I'd
> better set only -perl -python there to make servers less dependent on
> python/perl updaters and decrease rebuilds for servers. Also it's good
> idea to make them hardened only as hardened works very well for
> servers. 
> 
> -- 
> Peter.
> 
> 

Attached you may find my final proposal for server profiles.

-- 
Markos Chandras (hwoarang)
Gentoo Linux Developer
Web: http://hwoarang.silverarrow.org
Key ID: 441AC410
Key FP: AAD0 8591 E3CD 445D 6411  3477 F7F7 1E8E 441A C410
Index: default/linux/amd64/10.0/server/profile.bashrc
===================================================================
RCS file: 
/var/cvsroot/gentoo-x86/profiles/default/linux/amd64/10.0/server/profile.bashrc,v
retrieving revision 1.1
diff -u -b -B -u -r1.1 profile.bashrc
--- default/linux/amd64/10.0/server/profile.bashrc      6 Aug 2009 06:33:39 
-0000       1.1
+++ default/linux/amd64/10.0/server/profile.bashrc      2 Nov 2010 20:28:19 
-0000
@@ -6,16 +6,10 @@
 then
        if [[ ! "${I_KNOW_WHAT_I_AM_DOING}" == "yes" ]]
        then
-               ewarn "This profile has not been tested thoroughly and is not 
considered to be"
-               ewarn "a supported server profile at this time.  For a 
supported server"
-               ewarn "profile, please check the Hardened project 
(http://hardened.gentoo.org)."
                echo
                ewarn "This profile is merely a convenience for people who 
require a more"
                ewarn "minimal profile, yet are unable to use hardened due to 
restrictions in"
-               ewarn "the software being used on the server. This profile 
should also be used"
-               ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you 
don't know if this"
-               ewarn "applies to you, then it doesn't and you should probably 
be using"
-               ewarn "Hardened, instead."
+               ewarn "the software being used on the server."
                echo
        fi
 fi
Index: targets/server/make.defaults
===================================================================
RCS file: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v
retrieving revision 1.2
diff -u -b -B -u -r1.2 make.defaults
--- targets/server/make.defaults        17 Aug 2009 18:32:10 -0000      1.2
+++ targets/server/make.defaults        2 Nov 2010 20:28:20 -0000
@@ -2,4 +2,4 @@
 # Distributed under the terms of the GNU General Public License v2
 # $Header: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v 1.2 
2009/08/17 18:32:10 ssuominen Exp $
 
-USE="apache2 ldap mysql snmp truetype xml"
+USE="-perl -python snmp truetype xml"

Attachment: pgpMEDQEFGMJx.pgp
Description: PGP signature

Reply via email to