On Wed, 2003-10-29 at 21:29, Spider wrote:
> > I wonder if it would be possible to somehow remotely "mount" the rest of
> > the stuff such as gcc/python etc.. as with portage. So this way the
> > system would be completely clean and when it needs to be updated a
> > script would mount/link the tools from a remote system and after it's
> > done upgrading it would unlink and we are left with a lean clean
> > system.
>
> http://ovlfs.sf.net/ (if I recall correctly) might be the thing here.

What an idea! Never thought of such a thing. Definitely worth a look.

> Another alternative is to use a staging machine to build binaries, then
> simply untar the .tbz2 files, instead of using portage to do it. (evil
> solution actually ;)
> After that, some manual pruning should get the things in order.

Yeah really evil. I guess this is what some people do. But I would prefer to have portage do the stuff instead of getting worries that I might have forgotten to fix a file or something..

> Though, for a server you don't gain anything in security by removing
> compilers and development tools. Perhaps in complexity and size, though.

Well. Regarding security that is a bit relative. You do gain in the sense that the cracker has one less tool/option at hand and hence you gain a little bit more of the higher ground against the attacker. The fewer options/possibilities the cracker has the harder (even if it's only a little bit) it gets to penetrate (although not impossible of course). Also as you state it is nice to have a simple clean lean system with a small footprint.

I really don't know how valid my assumptions are, but I am willing to give it a shot to see what comes out of a de-Gentooizable Gentoo ;)

Cheers,
Vano

--
[EMAIL PROTECTED] mailing list
