On Wed, Jan 21, 2009 at 3:45 PM, Edward Pilatowicz
<edward.pilatow...@sun.com> wrote:
> On Wed, Jan 21, 2009 at 03:31:05PM -0500, Fredrich Maney wrote:
>> On Wed, Jan 21, 2009 at 2:27 PM, Edward Pilatowicz
>> <edward.pilatow...@sun.com> wrote:
>> > well, certainly you could remove packages, but why bother.
>> > disk space is cheap.
>> > ed
>> For the same reasons that you don't install unneeded packages in the
>> first place: security, stability and space.
> imho, most of the time these are false optimizations that are not worth
> the risk and/or trouble.

You are certainly entitled to that view. However, it is far from the
only one and is certainly not the a common best practice - common,
yes; best, that's up for debate.

> wrt space, disk space is cheap.  i'd also recommend installing your
> zones on compressed zfs filesystems, which will automatically reduce the
> space used.

As was stated earlier in the thread, disk space isn't always cheap and
not all disk is created equally.

> wrt stability, i don't see how having unused stuff on disk has any
> impact on stability.  it's more likely that removing stuff will reduce
> stability by accidently removing something you might need in the future.

On more than one occasion I've had to spend significant amounts of
time rebuilding/resurrecting systems that were corrupted due to
patches that were applied for installed, but not used, software. Those
patches wouldn't have ever been installed if the unneeded software had
never been installed in the first place.

> wrt security.  unless there is some suid binaries in the packages your
> removing, i don't really see how security is impacted.

Have you never seen a buffer overflow of a non-suid binary cause a
denial of service?

> of course it's all about tradeoffs.  if you have infinite free
> labor/time, and disk space is all that matters to you, then feel free to
> burn that labor/time eliminating everything you don't need.

Since this should be done at build time, there is no risk and there is
very little trouble. It's not that hard or time consuming to build a
Jumpstart profile. And once the profile is build, it can be used for
any number of systems. A little bit of upfront work goes a long way.

zones-discuss mailing list

Reply via email to