Your message dated Wed, 3 Jan 2007 04:36:58 -0800
with message-id <[EMAIL PROTECTED]>
and subject line priority change on your package(s)
has caused the attached Bug report to be marked as done.
This means that you claim that the problem has been dealt with.
If this is not the case it is now your responsibility to reopen the
Bug report if necessary, and/or fix the problem forthwith.
(NB: If you are a system administrator and have no idea what I am
talking about this indicates a serious mail system misconfiguration
somewhere. Please contact me immediately.)
Debian bug tracking system administrator
(administrator, Debian Bugs database)
--- Begin Message ---
Package: dpkg-dev
Version: 1.10.27
Priority: important
Tags: patch
[Note: This has happened to me a few times while testing d-i and I had not
nailed down the root cause but after my last installation (see installation
report sent as bug #301112, I've investigated a bit ]
When doing a default installation just selecting the 'Desktop' task, a user
will end up with a lot of development packages including gcc, g++,
libc6-dev, kernel-headers-dev and lots of other -dev packages.
The culprit here might be dpkg-dev, pulled in by aptitude because it's
priority standard. Dpkg-dev recomemnds a c-compiler and aptitude happily
takes Recommends for the system and downloads all of them:
Package: dpkg-dev
Priority: standard
Section: utils
(...)
Recommends: c-compiler
^^^^^^^^^^
So gcc is pulled in (Provides: c-compiler) and with it (through
dependancies) bison, flex, make, autoconf, gdb, libc-dev (libc6-dev) and on
and on..
Now, the Debian policy says:
standard
These packages provide a reasonably small but not too limited
character-mode system. This is what will be installed by
default if the user doesn't select anything else. It doesn't
include many large applications.
I fail to see how dpkg-dev fits in that category as most users will _not_
build debian packages at all. The current tasks defined in tasksel (and
used by base-config) are: database-server, dns-server, file-server,
mail-server, print-server and desktop environments (in different languages)
None of those tasks need a C-compiler, nor do they need dpkg-dev at all.
Joey Hess removed the debian-devel task a while back (May 2001) with the
following changelog:
- Killed debian-dev(el) task, since it does not meet our task criteria
-- nowhere near 10% of debian users are debian developers (we hope!),
and probably not enough regular users will use this package to make
up the difference. This is my own package, so I'm willing to be
persuaded otherwise, though..
Joey also removed some other development tasks (c-dev, java-dev,
python-dev, kernel-compile) in June 2004 too.
It certainly does not make sense to me to have desktop systems with a C/C++
compiler and, what's worst, those tools can easily be used by worm writers
to have a more efficient worm propagation (as demonstrated by the Slapper
worm back in 2002 [1])
Please fix this before the next stable release is made or otherwise we'll
end up with lots of users wondering why they have all a C-compiler
installed!
Regards
Javier
[1] Please also read "A Slap Upside the Head"
http://www.hackinglinuxexposed.com/articles/20020924.html
" Minimal Software Installations
The worm requires gcc to compile the .bugtraq.c file. If you
didn't install gcc, then the worm will fail before even if it
managed to break into your web server. Just as you'd turn off a
daemon you aren't using, why keep software installed that you
don't need? It only gives an attacker another tool that can
make the cracking easier.
"
Patch for this :-)
$ diff -u control.orig control
--- control.orig 2005-03-24 00:07:37.000000000 +0100
+++ control 2005-03-24 00:08:04.000000000 +0100
@@ -47,7 +47,7 @@
Package: dpkg-dev
Section: utils
-Priority: standard
+Priority: optional
Architecture: all
Depends: perl5, perl-modules, cpio (>= 2.4.2-2), patch (>= 2.2-1), make,
binutils
Recommends: c-compiler
signature.asc
Description: Digital signature
--- End Message ---
--- Begin Message ---
In fixing bug #301138, several packages have been lowered to optional priority
from standard priority, reflecting that our "standard" user is not a developer,
and should not have a development environment installed.
If you're on the cc list, your package(s) have been affected. Here's the
complete list of packages:
bin86
binutils
binutils-hppa64
bison
flex
g++
g++-4.1
g++-4.2
gcc
gcc-4.1
gcc-4.1-hppa64
gcc-4.2
gcc-4.2-hppa64
gdb
linux-kernel-headers
make
manpages-dev
cpp
cpp-4.1
cpp-4.2
libc6-dev
libc6-dev-s390x
libc6-dev-sparc64
libc6.1-dev
libstdc++6-4.1-dev
libstdc++6-4.2-dev
dpkg-dev
signature.asc
Description: PGP signature
--- End Message ---