On Wed, Feb 22, 2017 at 11:30 AM, Gary E. Miller <g...@rellim.com> wrote: > > Yo Achim! > > On Wed, 22 Feb 2017 18:21:01 +0100 > Achim Gratz <strom...@nexgo.de> wrote: > > > Gary E. Miller writes: > > > Mark was thinking of a separate ntp-tools package or option. Many > > > distros has a X package and a matching X-tools package. We could > > > make that easy with a build option. > > > > > > I see the vast majority of users only using ntpd. > > > > > > But seriously, do you really need to save USD$0.001 of disk space? > > > > I'm pretty sure that Hal was more concerned about not putting stuff > > on a public-facing server that wasn't absolutely necessary. > > Then 90% of your distro is probably also not absolutely necessary. > > If your attacker can run things on your CLI then it is long past game over.
The attack surface isn't binary. IMO, it's better for the ecosystem to let each admin decide which things to install or to leave out. If it's an easy split to make, I'd rather that admins have the option. > > You'd > > want that for an audited system, like the "sec" part in NTPsec > > implies should be possible. > > I've never had that come up in an audit. Every open port gets thorughly > looked at, but not miscellaneous programs in /usr/bin. _______________________________________________ devel mailing list devel@ntpsec.org http://lists.ntpsec.org/mailman/listinfo/devel
