lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [<thread-prev] [thread-next>] [day] [month] [year] [list] 
From: fulldisc at ultratux.org (Maarten)
Subject: Re: !SPAM! Automated ssh scanning

On Saturday 28 August 2004 13:32, gadgeteer@...gantinnovations.org wrote:
> On Thu, Aug 26, 2004 at 03:14:27PM -0500, Ron DuFresne 
(dufresne@...ternet.com) wrote:
> > Those do not make alot of difference, the key is not to accept any of the
> > defaults by any of these dists, pick and choose carefully which
> > individual packages you install.   I know redhat has dependancy hell with
> > various packages, from the experience of trying to do as minimal as
> > possible an install for a webhost while migrating from sunone on solaris
> > to
> > apache/redhat on the mainframe awhile back.  I do not doubt that some of
> > these additional dists are wraught with the same issues.  But, I do know
> > that slackware's installation process has the ability for one to do
> > finegrained installs and to determine specifically individual packages
> > from each package set.
>
> Just because slack does not prevent one from installing or not, whatever
> packages one chooses does not mean there is no dependency issues.  They
> are there and they will break things.

True, but this does not address the issue that there are _really_stupid_ 
dependencies to be found if you look around.  Things that make only sense in 
special circumstances. I know of no example offhand, but I mean along the 
lines of <a package with a web frontend has netscape as dependency>, <a 
networksniffer needs libOpenGL> and such obviously flawed packages.
(I mean, just the fact that a networksniffer has a GUI in addition to 
commandline use, and that some functions in that GUI require openGL shouldn't 
be a large enough reason to put a hard dependency on OpenGL. Right? )

I remember well that at one time I wanted to install a SuSE system without X, 
and just one package triggered 4 other packages and those then triggered the 
full X eventually.  It really was a pain.  Mind you, that was a few years 
back, I get the distinct impression things have changed for the better now. 

Maarten

-- 
Yes of course I'm sure it's the red cable. I guarante[^%!/+)F#0c|'NO CARRIER

Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ