On Mon, 17 Jan 2005, Rahul Sundaram wrote: > > > You are overstating the security risk of a single library package that > > > is unused. > > > > Single library? It looked to me as if the whole set of files that make > > up mysql and postgresql were being pulled in and loaded on the system. > > bloat is a more valid point that security risks IMHO. > > disabled services dont present much of a security risk. 200k for the postgresql library, 100k for the mysql library, kerberos support alone is more 'bloated' than 300k. If you mean the mysql client library is part of a 5MB package and requires a dozen perl packages, maybe. It may be unfortunate that you need it even when you don't use it. But then again, look at the rest of your system and what stuff you have installed that you may never use. /usr/share/doc, locale, the terminal emulation stuff, maybe some -devel packages you didn't know were there. 5MB is peanuts and a small price to pay for the flexibility of having both mysql and postgresql support and not having to manage every permutation of functionality. You know what distribution you end up having if you go there... :) -- dag wieers, dag@xxxxxxxxxx, http://dag.wieers.com/ -- [all I want is a warm bed and a kind word and unlimited power]
