Op vrijdag 23 maart 2012 17:38:05 schreef Thierry Vignaud: [...] > we preselect it here so that it got installed early: > http://svnweb.mageia.org/soft/drakx/trunk/perl-install/install/any.pm?revis > ion=3532&view=markup > > because else it'll be automatically pulled later, adding a one package (or > more) wait later: > http://svnweb.mageia.org/soft/drakx/trunk/perl-install/bootloader.pm?revisi > on=3581&view=markup > > just look mageia-gfxboot-theme > > Of course, that's OK for 99% of our users but for those manually > selecting text lilo.
text grub would still need this? hmm... i'll look into this more deeply... > That's a trade off: enforcing waiting for packages installation after all > the other package installation so that a couple users can not have > the bootsplash installed and select lilo or having a couple users > unhappy yeah, i get that, and i agree with this, but there's no reason some advanced setting can be done to turn more stuff off, be it visible or even via kickstart or cmdline... > BWe could not preselect what is 'BWe' ? well, i was thinking to disable the preselect and/or later part when CAT_X is disabled. that should be fairly easy to do... > > about firewall, perhaps it's possible to just include iptables, but set > > policy on DROP incoming? shorewall seems a bit over the top... > > we configure shorewall, not iptables. > > > but, if summary isn't completed, you can't boot into it, wrt bootloader? > > so firewall seems useless for that...? what is the rationale behind > > this? > > In the old days we let poeple choose the security level early then we > automatically install & set up the firewall accordingly. > Later the security choice was moved to the summary and security level > number was reduced from to 3 (see msec or security::level) > But since the default security level is 1 ("standard"), we automatically > install the firewall anyway. > For years. sure, but i don't see the need to preselect it, again, it could be in rpmsrate and handled that way now that the security level is "unused" otoh, i could just use defcfg (if i ever get it working) and set security to 0 if i wanted to.