Bug#442933: harden-servers: conflicts with portmap which is recommended by many GNOME packages
On Thu, 20 Sep 2007 21:24:19 +0200 Ola Lundqvist wrote:

[...]
> On Wed, Sep 19, 2007 at 11:31:04PM +0200, Francesco Poli wrote:
> > On Wed, 19 Sep 2007 22:02:19 +0200 Ola Lundqvist wrote:
> >
> > [...]
> > > > I'll try the --without-recommends way and see how it works.
> > >
> > > I hope it works well. When you find out I'm interested in knowing.
> >
> > Sure, let's keep the bug open, if it's OK for you, so that I
> > (hopefully) don't forget to report back after some time of use.

Galeon works fine without its recommends: I've been using it for quite
some time now (even though I don't use this machine too often, yet...).

For anyone interested out there, I installed it the following way:

  # aptitude install --without-recommends galeon
  # aptitude install gnome-icon-theme yelp
  # aptitude markauto gnome-icon-theme yelp

I think this bug may be safely closed now.
Thanks for the assistance, Ola!

-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
 Francesco Poli
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
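Added example, not part of the original messages: a small Python model of the chain reported in this bug (galeon recommends fam, fam depends on portmap, harden-servers conflicts with portmap), showing why the install breaks with Recommends followed and succeeds without them. The control stanzas are constructed and simplified; the relations on galeon-common, libfam0, gnome-icon-theme and yelp, the version constraint, and the function names are assumptions for illustration.

```python
from collections import deque

# Constructed, simplified control stanzas. Only galeon -> fam -> portmap and the
# harden-servers conflict come from the thread; the rest is illustrative filler.
CONTROL = """\
Package: harden-servers
Conflicts: portmap

Package: galeon
Depends: galeon-common
Recommends: fam, gnome-icon-theme, yelp

Package: galeon-common

Package: fam
Depends: portmap (>= 5), libfam0

Package: portmap
"""


def parse(text):
    """Map package name -> {relation: [package names]} for three relation fields."""
    pkgs = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines())
        pkgs[fields["Package"]] = {
            # Simplification: drop "(>= x)" constraints, keep the first of "a | b".
            key: [item.split("|")[0].split("(")[0].strip()
                  for item in fields.get(key, "").split(",") if item.strip()]
            for key in ("Depends", "Recommends", "Conflicts")
        }
    return pkgs


def path_to_conflict(pkgs, target, guard, follow=("Depends", "Recommends")):
    """Shortest chain from target to a package that guard Conflicts with, else None."""
    banned = set(pkgs[guard]["Conflicts"])
    queue, seen = deque([[target]]), {target}
    while queue:
        chain = queue.popleft()
        if chain[-1] in banned:
            return chain
        for key in follow:
            for dep in pkgs.get(chain[-1], {}).get(key, []):
                if dep not in seen:
                    seen.add(dep)
                    queue.append(chain + [dep])
    return None


PKGS = parse(CONTROL)

if __name__ == "__main__":
    # Recommends followed, as in the reported aptitude run: the guard breaks.
    print(path_to_conflict(PKGS, "galeon", "harden-servers"))
    # Equivalent of --without-recommends: only hard Depends are followed.
    print(path_to_conflict(PKGS, "galeon", "harden-servers", follow=("Depends",)))
```

On a real system the same stanzas can be fed from `apt-cache show <package>` output instead of the constructed text.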
Bug#442933: harden-servers: conflicts with portmap which is recommended by many GNOME packages
tags 442933 + wontfix
thanks

Ok. I'll keep it open for some time. However I'll mark it as wontfix
for now.

Best regards,

// Ola

On Wed, Sep 19, 2007 at 11:31:04PM +0200, Francesco Poli wrote:
> On Wed, 19 Sep 2007 22:02:19 +0200 Ola Lundqvist wrote:
>
> [...]
> > > I'll try the --without-recommends way and see how it works.
> >
> > I hope it works well. When you find out I'm interested in knowing.
>
> Sure, let's keep the bug open, if it's OK for you, so that I
> (hopefully) don't forget to report back after some time of use.

-- 
Ola Lundqvist
[EMAIL PROTECTED]      Annebergsslingan 37
[EMAIL PROTECTED]      654 65 KARLSTAD
http://opalsys.net/    +46 (0)70-332 1551
gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9
Bug#442933: harden-servers: conflicts with portmap which is recommended by many GNOME packages
Hi Francesco

On Tue, Sep 18, 2007 at 12:57:30AM +0200, Francesco Poli wrote:
> Package: harden-servers
> Version: 0.1.31
> Severity: wishlist
>
> Hi!
> I installed the harden-servers package on a workstation/desktop box in
> order to make sure I do not install excessively insecure daemons by
> mistake.

Good choice.

> But unfortunately many GNOME packages (galeon, libgnomevfs2-0,
> gnome-control-center, gnome-mount, yelp, ...) seem to recommend fam,
> either directly or indirectly.
> On its turn, fam depends on portmap, which harden-servers conflicts
> with.
>
> The net result of all this is: I cannot install galeon or contacts (or
> other GNOME packages), unless I do so with the --without-recommends
> option of aptitude. See below for an example.
>
> Why GNOME packages recommend services (fam) that depend on insecure
> daemons (portmap)?

You have to ask the GNOME people about that. However as you can install
it with --without-recommends that means that is not strictly a
dependency which means that you can actually have GNOME installed
without fam.

> Cannot I have a secure box with some full-feature GNOME packages
> installed?

Without the recommended packages that is possible.

> Now the question is: what should I do?
> Purge harden-servers and forget about it for any workstation/desktop
> box (that is to say: only install it on machines that *only* run
> servers)?
> If this is the case, please clarify it in the package description...

You can have harden-servers installed on a Desktop, you just need to
make sure that fam is not installed. I can imagine a number of ways to
configure a Desktop machine without insecure servers.

Best regards,

// Ola

> What follows is a transcript of my attempt at installing galeon:
>
> $ aptitude -s install galeon
> Reading package lists...
> Building dependency tree...
> Reading state information...
> Reading extended state information...
> Initializing package states...
> Reading task descriptions...
> Building tag database...
Bug#442933: harden-servers: conflicts with portmap which is recommended by many GNOME packages
On Wed, 19 Sep 2007 08:20:23 +0200 Ola Lundqvist wrote:

[...]
> You can have harden-servers installed on a Desktop, you just need to
> make sure that fam is not installed. I can imagine a number of ways to
> configure a Desktop machine without insecure servers.

OK, thanks for replying.
I'll try the --without-recommends way and see how it works.

-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
 Francesco Poli
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Bug#442933: harden-servers: conflicts with portmap which is recommended by many GNOME packages
Hi

On Wed, Sep 19, 2007 at 07:46:37PM +0200, Francesco Poli wrote:
> On Wed, 19 Sep 2007 08:20:23 +0200 Ola Lundqvist wrote:
>
> [...]
> > You can have harden-servers installed on a Desktop, you just need to
> > make sure that fam is not installed. I can imagine a number of ways
> > to configure a Desktop machine without insecure servers.
>
> OK, thanks for replying.

You are welcome.

> I'll try the --without-recommends way and see how it works.

I hope it works well. When you find out I'm interested in knowing.

Best regards,

// Ola

-- 
Ola Lundqvist
[EMAIL PROTECTED]      Annebergsslingan 37
[EMAIL PROTECTED]      654 65 KARLSTAD
http://opalsys.net/    +46 (0)70-332 1551
gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9
Bug#442933: harden-servers: conflicts with portmap which is recommended by many GNOME packages
On Wed, 19 Sep 2007 22:02:19 +0200 Ola Lundqvist wrote:

[...]
> > I'll try the --without-recommends way and see how it works.
>
> I hope it works well. When you find out I'm interested in knowing.

Sure, let's keep the bug open, if it's OK for you, so that I
(hopefully) don't forget to report back after some time of use.

-- 
 http://frx.netsons.org/doc/nanodocs/testing_workstation_install.html
 Need to read a Debian testing installation walk-through?
 Francesco Poli
 GnuPG key fpr == C979 F34B 27CE 5CD8 DC12 31B5 78F4 279B DD6D FCF4
Bug#442933: harden-servers: conflicts with portmap which is recommended by many GNOME packages
Package: harden-servers
Version: 0.1.31
Severity: wishlist

Hi!
I installed the harden-servers package on a workstation/desktop box in
order to make sure I do not install excessively insecure daemons by
mistake.

But unfortunately many GNOME packages (galeon, libgnomevfs2-0,
gnome-control-center, gnome-mount, yelp, ...) seem to recommend fam,
either directly or indirectly.
On its turn, fam depends on portmap, which harden-servers conflicts
with.

The net result of all this is: I cannot install galeon or contacts (or
other GNOME packages), unless I do so with the --without-recommends
option of aptitude. See below for an example.

Why GNOME packages recommend services (fam) that depend on insecure
daemons (portmap)?
Cannot I have a secure box with some full-feature GNOME packages
installed?

Now the question is: what should I do?
Purge harden-servers and forget about it for any workstation/desktop
box (that is to say: only install it on machines that *only* run
servers)?
If this is the case, please clarify it in the package description...

What follows is a transcript of my attempt at installing galeon:

$ aptitude -s install galeon
Reading package lists...
Building dependency tree...
Reading state information...
Reading extended state information...
Initializing package states...
Reading task descriptions...
Building tag database...
The following packages are BROKEN:
  harden-servers
The following NEW packages will be automatically installed:
  alacarte avahi-daemon binfmt-support capplets-data cdrdao cli-common
  cups-pdf cupsys cupsys-client cupsys-common dbus dbus-x11
  deskbar-applet desktop-base desktop-file-utils docbook-xml
  dvd+rw-tools esound-clients esound-common evolution-data-server
  evolution-data-server-common fam foomatic-db foomatic-db-engine
  foomatic-filters galeon-common gconf2 gconf2-common genisoimage gksu
  gnome-about gnome-applets gnome-applets-data gnome-control-center
  gnome-desktop-data gnome-doc-utils gnome-icon-theme gnome-keyring
  gnome-media gnome-media-common gnome-menus gnome-mime-data gnome-mount
  gnome-netstatus-applet gnome-panel gnome-panel-data gnome-session
  gnome-system-monitor gnome-user-guide gnome-utils gs-esp
  gstreamer0.10-alsa gstreamer0.10-plugins-base
  gstreamer0.10-plugins-good gstreamer0.10-x hal hal-info imagemagick
  iso-codes libaa1 libao2 libapm1 libart-2.0-2 libart2.0-cil libasound2
  libaudiofile0 libavahi-client3 libavahi-common-data libavahi-common3
  libavahi-compat-libdnssd1 libavahi-core5 libavahi-glib1 libavc1394-0
  libbeagle0 libbonobo2-0 libbonobo2-common libbonoboui2-0
  libbonoboui2-common libcaca0 libcamel1.2-10 libcdio6 libcdparanoia0
  libcpufreq0 libcucul0 libcupsimage2 libdaemon0 libdbus-1-3
  libdbus-glib-1-2 libdv4 libebook1.2-9 libecal1.2-7 libedata-book1.2-2
  libedata-cal1.2-6 libedataserver1.2-9 libedataserverui1.2-8
  libeel2-2.18 libeel2-data libegroupwise1.2-13 libenchant1c2a libesd0
  libexif12 libfam0 libflac8 libgail-common libgail18 libgconf2-4
  libgconf2.0-cil libgksu2-0 libglade2.0-cil libglib2.0-cil
  libgmime-2.0-2 libgmime2.2-cil libgnome-desktop-2 libgnome-keyring0
  libgnome-media0 libgnome-menu2 libgnome-vfs2.0-cil
  libgnome-window-settings1 libgnome2-0 libgnome2-common
  libgnome2.0-cil libgnomecanvas2-0 libgnomecanvas2-common
  libgnomecups1.0-1 libgnomekbd-common libgnomekbd1 libgnomekbdui1
  libgnomeprint2.2-0 libgnomeprint2.2-data libgnomeprintui2.2-0
  libgnomeprintui2.2-common libgnomeui-0 libgnomeui-common
  libgnomevfs2-0 libgnomevfs2-common libgnomevfs2-extra
  libgstreamer-plugins-base0.10-0 libgstreamer0.10-0 libgtk2.0-cil
  libgtkhtml2.0-cil libgtkhtml3.8-15 libgtksourceview-common
  libgtksourceview1.0-0 libgtop2-7 libgtop2-common libgucharmap6
  libhal-storage1 libhal1 libhunspell-1.1-0 libidl0 libiec61883-0
  libjasper1 liblcms1 libmagick9 libmetacity0 libmono-cairo1.0-cil
  libmono-corlib1.0-cil libmono-corlib2.0-cil libmono-data-tds2.0-cil
  libmono-security2.0-cil libmono-sharpzip2.84-cil
  libmono-system-data2.0-cil libmono-system-web2.0-cil
  libmono-system1.0-cil libmono-system2.0-cil libmono0 libmono2.0-cil
  libmozjs0d libnautilus-burn4 libnautilus-extension1
  libndesk-dbus-glib1.0-cil libndesk-dbus1.0-cil libnotify1 libnspr4-0d
  libnss-mdns libnss3-0d libogg0 liboil0.3 liborbit2 libpanel-applet2-0
  libpci2 libpoppler1 libraw1394-8 librsvg2.0-cil libscrollkeeper0
  libsexy2 libshout3 libslab0 libslp1 libsmbclient libsmbios1
  libsoup2.2-8 libspeex1 libstartup-notification0 libsysfs2 libtag1c2a
  libtheora0 libtotem-plparser1 libtrackerclient0 libvisual-0.4-0
  libvisual-0.4-plugins libvorbis0a libvorbisenc2 libvorbisfile3
  libwavpack1 libwnck-common libwnck18 libxklavier11 libxml2-utils
  libxres1 libxslt1.1 libxul-common libxul0d menu-xdg metacity
  metacity-common mono-common mono-gac mono-jit mono-runtime nautilus
  nautilus-cd-burner nautilus-data notification-daemon openssl
  oss-compat pciutils poppler-utils portmap