On Sun, Jan 16, 2005 at 05:24:10PM -1000, Warren Togami wrote: > >and IMHO a security risk. It will make security audits more difficult > >since unused packages are included and adds just that much more code > >that could have an exploit in it. > You are overstating the security risk of a single library package that > is unused. Still, this isn't a good direction to go. There *could* be security problems in any code, and not having what you don't need is the 100% sure way to avoid them. This needs to be split up more. And, it'd be nice to avoid updates which suddenly pull in new dependencies unless it's strictly necessary. -- Matthew Miller mattdm@xxxxxxxxxx <http://www.mattdm.org/> Boston University Linux ------> <http://linux.bu.edu/>
