On Mon, Nov 01, 2010 at 08:41:34PM +0300, Peter Volkov wrote: > В Вск, 31/10/2010 в 16:38 +0200, Alex Alexander пишет: > > On Sun, Oct 31, 2010 at 11:50:02AM +0000, Markos Chandras wrote: > > > On Sat, Oct 30, 2010 at 10:59:08PM -0400, Richard Freeman wrote: > > > > Isn't this essentially what the default profile is? Basically server is > > > > just default + USE="apache2 ldap mysql snmp truetype xml". > > > Well it shouldn't be like that. And if the default profile is pretty > > > much the same as the server one, then please consider removing the > > > server profile as it makes no sense then > > > > Please don't. The fact that there are only a few changes doesn't make it > > useless. Also, you'd be forcing all users currently using the profile to > > migrate without any real reason. > > But what is the target group of this profile? It sets only 6 USE flags > that are really useless on half of servers (e.g. VPN/mail server). I'd > better set only -perl -python there to make servers less dependent on > python/perl updaters and decrease rebuilds for servers. Also it's good > idea to make them hardened only as hardened works very well for > servers. > > -- > Peter. > >
Attached you may find my final proposal for server profiles. -- Markos Chandras (hwoarang) Gentoo Linux Developer Web: http://hwoarang.silverarrow.org Key ID: 441AC410 Key FP: AAD0 8591 E3CD 445D 6411 3477 F7F7 1E8E 441A C410
Index: default/linux/amd64/10.0/server/profile.bashrc
===================================================================
RCS file:
/var/cvsroot/gentoo-x86/profiles/default/linux/amd64/10.0/server/profile.bashrc,v
retrieving revision 1.1
diff -u -b -B -u -r1.1 profile.bashrc
--- default/linux/amd64/10.0/server/profile.bashrc 6 Aug 2009 06:33:39
-0000 1.1
+++ default/linux/amd64/10.0/server/profile.bashrc 2 Nov 2010 20:28:19
-0000
@@ -6,16 +6,10 @@
then
if [[ ! "${I_KNOW_WHAT_I_AM_DOING}" == "yes" ]]
then
- ewarn "This profile has not been tested thoroughly and is not
considered to be"
- ewarn "a supported server profile at this time. For a
supported server"
- ewarn "profile, please check the Hardened project
(http://hardened.gentoo.org)."
echo
ewarn "This profile is merely a convenience for people who
require a more"
ewarn "minimal profile, yet are unable to use hardened due to
restrictions in"
- ewarn "the software being used on the server. This profile
should also be used"
- ewarn "if you require GCC 4.1 or Glibc 2.4 support. If you
don't know if this"
- ewarn "applies to you, then it doesn't and you should probably
be using"
- ewarn "Hardened, instead."
+ ewarn "the software being used on the server."
echo
fi
fi
Index: targets/server/make.defaults
===================================================================
RCS file: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v
retrieving revision 1.2
diff -u -b -B -u -r1.2 make.defaults
--- targets/server/make.defaults 17 Aug 2009 18:32:10 -0000 1.2
+++ targets/server/make.defaults 2 Nov 2010 20:28:20 -0000
@@ -2,4 +2,4 @@
# Distributed under the terms of the GNU General Public License v2
# $Header: /var/cvsroot/gentoo-x86/profiles/targets/server/make.defaults,v 1.2
2009/08/17 18:32:10 ssuominen Exp $
-USE="apache2 ldap mysql snmp truetype xml"
+USE="-perl -python snmp truetype xml"
pgpMEDQEFGMJx.pgp
Description: PGP signature
