Package: libglx-mesa0 Version: 18.3.6-2+deb10u1 Control: found -1 19.3.3-1 Severity: wishlist
So far as I can tell, the usage of the DRI modules provided by libgl1-mesa-dri by libglx-mesa0 is either optional or dependent on the context. At the very least, circumventing these dependencies produces no apparent ill effects with the packages transitionally dependent on libglx-mesa0, such as x11-utils, xvfb (via libgl1), and so on. Given that the libgl1-mesa-dri package brings in some 60‒70 MB of Installed-Size: due to libllvm alone – and also on headless systems which cannot possibly benefit from having DRI modules available – could the dependency on libgl1-mesa-dri please be downgraded to Recommends:? Background I’m concerned with, specifically, the amount of runnable code in the (base) system – and its implications on security. I assume that /not/ having some package installed is ought to be the ultimate guarantee that no security flaw in said package is going to affect a given system. Hence is my interest in minimalistic Debian installs. As a workaround, I’ve installed an otherwise empty Provides: libgl1-mesa-dri package [1], produced with nope.sh [2], like: $ fakeroot -- nope libgl1-mesa-dri [1] http://am-1.org/~ivan/dist/no-libgl1-mesa-dri_0.1_all.deb [2] http://am-1.org/~ivan/src/nope.sh -- FSF associate member #7257 http://am-1.org/~ivan/