Yo Royce!

On Wed, 22 Feb 2017 11:38:04 -0900
Royce Williams <ro...@tycho.org> wrote:

> On Wed, Feb 22, 2017 at 11:30 AM, Gary E. Miller <g...@rellim.com>
> wrote:
> >
> > Yo Achim!
> >
> > On Wed, 22 Feb 2017 18:21:01 +0100
> > Achim Gratz <strom...@nexgo.de> wrote:
> >  
> > > Gary E. Miller writes:  
> > > > Mark was thinking of a separate ntp-tools package or option.
> > > > Many distros have an X package and a matching X-tools package.
> > > > We could make that easy with a build option.
> > > >
> > > > I see the vast majority of users only using ntpd.
> > > >
> > > > But seriously, do you really need to save USD$0.001 of disk
> > > > space?  
> > >
> > > I'm pretty sure that Hal was more concerned about not putting
> > > stuff on a public-facing server that wasn't absolutely
> > > necessary.  
> >
> > Then 90% of your distro is probably also not absolutely necessary.
> >
> > If your attacker can run things on your CLI then it is long past
> > game over.  
> 
> The attack surface isn't binary.

Agreed 100%.  Things like CLI tools with no special permissions or
capabilities are way at the bottom of the worry scale.  Lost in the
noise floor.

> IMO, it's better for the ecosystem to let each admin decide which
> things to install or to leave out. If it's an easy split to make, I'd
> rather that admins have the option.

Nothing we do says an admin can't "rm /usr/bin/XXX".  I often have that
in my build scripts.  No need to clutter the build options for that.

RGDS
GARY
---------------------------------------------------------------------------
Gary E. Miller Rellim 109 NW Wilmington Ave., Suite E, Bend, OR 97703
        g...@rellim.com  Tel:+1 541 382 8588

            Veritas liberabit vos. -- Quid est veritas?
    "If you can’t measure it, you can’t improve it." - Lord Kelvin


_______________________________________________
devel mailing list
devel@ntpsec.org
http://lists.ntpsec.org/mailman/listinfo/devel
