[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]

Re: From release notes for FC5T3 (web)



On Tue, Mar 07, 2006 at 22:58:01 +0530,
  Rahul Sundaram <sundaram fedoraproject org> wrote:
> 
> >On Tue, Mar 07, 2006 at 21:10:12 +0530,
> > Rahul Sundaram <sundaram fedoraproject org> wrote:
> > 
> >
> >>Just having a  program with a security hole on disk through a 
> >>"everything" installation that you dont use is a potential problem that 
> >>leaves room for an exploit. Basically dont install stuff that you wont 
> >>use and audit everything that you install and use carefully. SELinux 
> >>does go a long way towards preventing many of these issues but the 
> >>default targeted policy in Fedora doesnt restrict all the programs 
> >>unlike the alternative strict policy which might require a good amount 
> >>of customization for regular use.
> >>   
> >>
> >
> >And just walking around outside risks getting struck by a lightning bolt.
> > 
> >
> That looks like a poor analogy. Software security issues occur way more 
> often than people getting struck by lightning bolts.

It was meant to say I think you are significantly exaggerating the risk of
doing an everything install.

> >However the vast majority of the packages on Fedora don't fall into those
> >categories. And security is not a reasonable excuse for not making it easy
> >to install them.
> > 
> >
> I am all in support for making it easier to install all the packages 
> post installation and when Fedora Core shrinks in size to fit specific 
> user requirements without redundancy like multiple language packs.

With the DVD install this isn't a big deal, but with the CD based one,
it is going to be nicer to grab everthing on one pass through the CDs.

I plan on installing everything selectable when I do my real FC5 install,
but I am going to gripe about the crappy interface that makes me go through
lists of hundreds of subpackages looking for the few that aren't already
checked.

I don't see what the problem is with multiple language packs. Its just a
bit of disk space and it might be nice to have the extra fonts available.
For some people, disk space is tight, but for others it is easier to have
the stuff already installed than having to do an install when you find out
you need it.

I don't see why there wasn't select all and deselect all at least at the
group level for custom installs.


[Date Prev][Date Next]   [Thread Prev][Thread Next]   [Thread Index] [Date Index] [Author Index]