Re: woody release task needs help: package priorities

[J.A. Bezemer]

On Wed, 30 May 2001, Joey Hess wrote:

> J.A. Bezemer wrote:
> 
> > What about making a few task-* packages standard and have tasksel pre-select
> > them by default? (I.e. start with [X] instead of [ ])
> 
> That's not a bad idea.
> 
> > Another thing: will it still be _easy_ to install a small system without gcc,
> > emacs, lpr, rcs etc.?
> 
> Yes, at least two simple ways with the latest rev of base-config. Either
> choose not to run tasksel or dselect at all (which results in just the
> base system being installed),

AFAIK in current potato floppies there's no APT setup done in that case,
which, well, doesn't make things very easy. Or has that been changed lately?

>or have it run first tasksel, and then
> dselect and de-select anything you dislike.

I'd hardly call that easy. (I'm thinking from an "informed newbie with small
disk" perspective.)


Regards,
  Anne Bezemer


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Joey Hess]

J.A. Bezemer wrote:
> > It might be useful to be able to get these sorts of things back using a
> > 'unix-servers' task or similar.

Implemented now btw.

> What about making a few task-* packages standard and have tasksel pre-select
> them by default? (I.e. start with [X] instead of [ ])

That's not a bad idea.

> Another thing: will it still be _easy_ to install a small system without gcc,
> emacs, lpr, rcs etc.?

Yes, at least two simple ways with the latest rev of base-config. Either
choose not to run tasksel or dselect at all (which results in just the
base system being installed), or have it run first tasksel, and then
dselect and de-select anything you dislike.

-- 
see shy jo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[J.A. Bezemer]

On Fri, 18 May 2001, Anthony Towns wrote:

> On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
> > Here's a provisional list of packages which are standard or higher and
> > should not be:
> >   fingerd   not very secure for baseline
> >   ftpd  not very secure for baseline
> >   talk  rather obsolete, but debatable
> >   talkd not very secure for baseline
> >   telnetd   not very secure for baseline
> 
> I've dropped all of these to optional. (*d based on most people not really
> needing servers running locally, talk based on it presumably not being much
> use without a talkd)
> 
> It might be useful to be able to get these sorts of things back using a
> 'unix-servers' task or similar.
> 
> Since there's a 'tetex' task, I've also dropped tetex from standard to
> optional: people who want TeX will need to choose the task now.

And since there's a task-c-dev, also drop gcc from standard?

What about making a few task-* packages standard and have tasksel pre-select
them by default? (I.e. start with [X] instead of [ ])

Another thing: will it still be _easy_ to install a small system without gcc,
emacs, lpr, rcs etc.?


Regards,
  Anne Bezemer


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Anthony Towns]

On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
> Here's a provisional list of packages which are standard or higher and
> should not be:
>   fingerd   not very secure for baseline
>   ftpd  not very secure for baseline
>   talk  rather obsolete, but debatable
>   talkd not very secure for baseline
>   telnetd   not very secure for baseline

I've dropped all of these to optional. (*d based on most people not really
needing servers running locally, talk based on it presumably not being much
use without a talkd)

It might be useful to be able to get these sorts of things back using a
'unix-servers' task or similar.

Since there's a 'tetex' task, I've also dropped tetex from standard to
optional: people who want TeX will need to choose the task now.

Cheers,
aj

-- 
Anthony Towns <[EMAIL PROTECTED]> 
I don't speak for anyone save myself. GPG signed mail preferred.

``_Any_ increase in interface difficulty, in exchange for a benefit you
  do not understand, cannot perceive, or don't care about, is too much.''
  -- John S. Novak, III (The Humblest Man on the Net)

 PGP signature

Re: woody release task needs help: package priorities

[Wichert Akkerman]

Previously Tollef Fog Heen wrote:
> You are assuming that talkd have buffer overflows, but you have no
> proof of it.  And talk is rwxr-xr-x, so what would you win by an
> overflow on a local host?  And I doubt that there are many bugs in a
> daemon which is less than 10k big.

Security works the other way around: assumed vulnerable until proven
otherwise. And for any non-trivial program proof is impossible, so
the best we can do is limit the risks.

Wichert.

-- 
  _
 /   Nothing is fool-proof to a sufficiently talented fool \
| [EMAIL PROTECTED]  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Vince Mulhollon]

On 05/15/2001 09:28:37 AM tfheen wrote:

>> You are assuming that talkd have buffer overflows, but you have no
>> proof of it.  And talk is rwxr-xr-x, so what would you win by an
>> overflow on a local host?  And I doubt that there are many bugs in a
>> daemon which is less than 10k big.

Perhaps it's poor form for me to pick on one specific type of security hole
on one specific binary.

When .debs include a file that has a formal proof of correctness for each
binary and any possible input parameters and data, then I'll completely
trust those debs.  Maybe yet another lintian option (just kidding)

I'm thinking, your point of view is that if no current bugs are found, if
the source looks short, simple and OK, therefore no bugs will exist, but my
arguement is that if that were true, our BTS would only contain wishlists,
typos, and WNPP.  Classic optimism vs pessimism argument.

Will a security related problem be found in every random binary someday?
Given enough time, yes.

>> Bugs != vulnerabilities.  You are assuming that all programs are
>> exploitable, even if one can prove that they aren't.  (Barring bugs in
>> the kernel or other places.)

One should provide me a formal proof of correctness for each line of source
code in Debian and how it interacts with each other line of source.  Then I
guess one will be correct, one has proven they aren't (exploitable).

Again, my mistake for picking on one specific binary.  If you do in fact
have a formal proof of correctness for talk and talkd, well then I guess it
truely has no security holes and is truely bug free, as long as all
interactions with other installed software and libraries are OK.  If it
links to a buggy libc, then maybe the overall system would be exploitable.

>> Still, I don't think you are arguing that man-db should be made
>> priority optional or extra because of this?  A stripped-down system
>> with the bare necessities doesn't have all the packages from standard
>> installed.  Standard is more than the bare necessities.

You are correct, I am not argueing for that.  I was using that as an
example of how I did not have a problem with software I purposefully did
not install.  You can't have an open mail relay if you don't install any
mail software.  You can't have skript kiddies compiling exploits if you
don't have a compiler.  You can't have cgi-bin problems if you don't have a
webserver installed.

The question is how much more than bare necessities is standard?  Would
installing everything be acceptable as a standard?  True, installing
everything would be more than the bare necessities.  I'm argueing for
moving the line toward installing less.

>> | Never install something unless you are willing to take the time to
support
>> | and debug it, AND then justify the time to your boss.
>>
>> If my boss were to decide whether I used two minutes for upgrading
>> some daemon or not, I'd change jobs, as I like to control my own
>> time.

It's a judgement call thing, not a time management thing.  Why the heck
would someone have the poor judgement to install and maintain something the
users don't need, and then bill for it?  Outside the computer world, it
might be popular to bill the client for playing cards or reading magazines,
but that doesn't make it ethical.  It's not the dollar value of the wasted
time, its the lack of trust that they are not wasting time in other cases.
Besides, wouldn't you rather be playing quake rather than upgrading a
daemon that is not used?

Correct, for one box it's not much time, or if you have a hundred boxes its
also not much time because you write an expect script.  Still, if you only
have a dozen or so boxes, thats half an hour of billable time if you do it
manually.  All for nothing, if its not used.  So why waste time/money/drive
space/electricity?

>> | Just because it's very easy to install MTAs and webservers and
>> | compilers doesn't mean it's a good idea to do so on every box, just
>> | because you can.
>>
>> So you think gcc and exim should be priority extra/optional as well?

Ah, no I don't want to start a flame war here.  My production boxes are not
mail servers, I don't want to even screw around with email issues,
personally I purge all MTAs (which usually wipes out "at", which I also
don't need, etc).  And I definately don't have gcc installed on the
production boxes, that's for sure.  But for the average Debian user
(whatever that means) I suppose they are a standard, required, and often
used binary (?)

>> | If you have no use for talk or talkd, you should not install them.
Most
>> | people have no use for them, therefore most people should not install
them.
>>
>> If we are to remove each and every package from standard which
>> somebody might not need, I don't see the point of having standard at
>> all.  Standard should be a slim but reasonable complete UNIX system.
>> Out of 1240 computers which submitted popcon results, talk got 167
>> votes.  I think that shows that quite some people use it.  And

Re: woody release task needs help: package priorities

[Michael Stone]

On Tue, May 15, 2001 at 04:28:37PM +0200, Tollef Fog Heen wrote:
> You are assuming that talkd have buffer overflows, but you have no
> proof of it.  

Of course a reasonably paranoid person would assume that buffer
overflows exist and mitigate the risk as appropriate. Unless you can
*prove* that the software is secure (proof by assertion or proof by "it
hasn't happened yet" aren't) an assumption of security is unwarranted.

-- 
Mike Stone


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Tollef Fog Heen]

* "Vince Mulhollon" 

| On 05/15/2001 08:00:09 AM exa wrote:
| 
| >> What about closing all the ports by default? The user can open them by
| >> himself if he wants to anyway. Security fans would really be happy then.
| 
| Still have the vulnerable, exploitable binaries.  All you have to do it get
| root and open the "talkd" ports once, or buffer overflow "talk".  Make
| criminals really work for it, don't make anything easier for them.

You are assuming that talkd have buffer overflows, but you have no
proof of it.  And talk is rwxr-xr-x, so what would you win by an
overflow on a local host?  And I doubt that there are many bugs in a
daemon which is less than 10k big.

| >> I sometimes have the feeling that too much security is breaking many
| >> convenient features. It would be wrong to put in a program with known
| >> vulnerabilities, but except that I don't see why you would want to
| >> remove useful small programs.
| 
| The problem is that all programs more complicated than "hello world" have
| vulnerabilities that will eventually be found.  Consider the recent man-db
| events.

Bugs != vulnerabilities.  You are assuming that all programs are
exploitable, even if one can prove that they aren't.  (Barring bugs in
the kernel or other places.)

| On my deployed end user systems, although man would be "nice", it's just
| not needed to do the job.  Most end users would never RTFM anyway, and I
| never have to RTFM on the production boxes (that's what development boxes
| are for), therefore man-db would never be run on my production boxes.  So I
| get rid of it.  Therefore I don't care about the recent man-db security
| problems on my deployed systems, because none of them have man-db
| installed.

Still, I don't think you are arguing that man-db should be made
priority optional or extra because of this?  A stripped-down system
with the bare necessities doesn't have all the packages from standard
installed.  Standard is more than the bare necessities.

| Never install something unless you are willing to take the time to support
| and debug it, AND then justify the time to your boss.

If my boss were to decide whether I used two minutes for upgrading
some daemon or not, I'd change jobs, as I like to control my own
time.

| Just because it's very easy to install MTAs and webservers and
| compilers doesn't mean it's a good idea to do so on every box, just
| because you can.

So you think gcc and exim should be priority extra/optional as well?

| If you have no use for talk or talkd, you should not install them.  Most
| people have no use for them, therefore most people should not install them.

If we are to remove each and every package from standard which
somebody might not need, I don't see the point of having standard at
all.  Standard should be a slim but reasonable complete UNIX system.
Out of 1240 computers which submitted popcon results, talk got 167
votes.  I think that shows that quite some people use it.  And it's
small, and if it will listen on loopback by default, I see no problem
with it.

| Therefore talk and talkd should be removed from standard.  The few people
| that do have a use, also have the skill to type "apt-get install talk
| talkd".

Not everybody has root on the systems they are using.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Vince Mulhollon]

On 05/15/2001 08:00:09 AM exa wrote:

>> What about closing all the ports by default? The user can open them by
>> himself if he wants to anyway. Security fans would really be happy then.

Still have the vulnerable, exploitable binaries.  All you have to do it get
root and open the "talkd" ports once, or buffer overflow "talk".  Make
criminals really work for it, don't make anything easier for them.

>> I sometimes have the feeling that too much security is breaking many
>> convenient features. It would be wrong to put in a program with known
>> vulnerabilities, but except that I don't see why you would want to
>> remove useful small programs.

The problem is that all programs more complicated than "hello world" have
vulnerabilities that will eventually be found.  Consider the recent man-db
events.

On my deployed end user systems, although man would be "nice", it's just
not needed to do the job.  Most end users would never RTFM anyway, and I
never have to RTFM on the production boxes (that's what development boxes
are for), therefore man-db would never be run on my production boxes.  So I
get rid of it.  Therefore I don't care about the recent man-db security
problems on my deployed systems, because none of them have man-db
installed.

Never install something unless you are willing to take the time to support
and debug it, AND then justify the time to your boss.  Just because it's
very easy to install MTAs and webservers and compilers doesn't mean it's a
good idea to do so on every box, just because you can.

If you have no use for talk or talkd, you should not install them.  Most
people have no use for them, therefore most people should not install them.
Therefore talk and talkd should be removed from standard.  The few people
that do have a use, also have the skill to type "apt-get install talk
talkd".


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Michael Stone]

On Tue, May 15, 2001 at 04:00:09PM +0300, Eray Ozkural (exa) wrote:
> I sometimes have the feeling that too much security is breaking many
> convenient features. It would be wrong to put in a program with known
> vulnerabilities, but except that I don't see why you would want to
> remove useful small programs.

Because the vast majority of users probably don't care about all the
possible features (and many don't even know they exist/are active) are
are needlessly exposed to an avoidable security risk. Time and again
we've seen programs, even those originally designed as secure
alternatives, exploited by holes discovered years after they were first
released. The *only* practical way to prevent this is to not run
external services unless they're really required. Unless you care to
come up with a proof of correctness...

Didn't think so.

-- 
Mike Stone


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Eray Ozkural (exa)]

Tollef Fog Heen wrote:
> 
> * Michael Stone
> 
> | On Sat, May 12, 2001 at 01:08:17PM +0200, Tollef Fog Heen wrote:
> | > | >   talk  rather obsolete, but debatable
> | > | >   talkd not very secure for baseline
> | >
> | > I want those.  They are very useful, and afaik, there are no security
> | > problems with talkd.
> |
> | This is about you, it's about the general case; you can install them
> | yourself with no problem. *Any* open port presents an additional
> | risk--what value outweighs that risk in this case, for the general user?

What about closing all the ports by default? The user can open them by
himself if he wants to anyway. Security fans would really be happy then.

Sure, but the system would be like the 'secure' system of bilkent that
has all ports firewalled except http and pop3.

I sometimes have the feeling that too much security is breaking many
convenient features. It would be wrong to put in a program with known
vulnerabilities, but except that I don't see why you would want to
remove useful small programs.

Thanks,

-- 
Eray Ozkural (exa)
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Eray Ozkural (exa)]

Wichert Akkerman wrote:
> 
> Emacs is not `the standard editor', it is just one of the two most popular
> ones. More importantly, we need an editor in the b-f that everyone can
> use easily without having to know emacs, vi or any other editor.

The first thing I involuntarily discovered in vi was the exit command.
*shudder* I think nano will do it. There doesn't seem to be another
editor that is as intuitive in Debian. (though, the keyboard shortcuts
may be confusing for emacs users)

Although zile is another nice stripped down emacs, it has the emacs
spirit totally intimidating any new luser.

Many people on our unix system use pico for editing on terms and are
comfortable with the interface. Though a coder friend of mine used to
write his programs with ed. 

If only we had ced on unix ;)

Regards,

--
Eray Ozkural (exa)
Comp. Sci. Dept., Bilkent University, Ankara
e-mail: [EMAIL PROTECTED]
www: http://www.cs.bilkent.edu.tr/~erayo


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Tollef Fog Heen]

* Michael Stone 

| On Mon, May 14, 2001 at 03:16:53PM +0200, Tollef Fog Heen wrote:
| > IMHO, a system without talk and talkd is too limited.  Have it only
| > listen on loopback, if security is the problem.
| 
| That's YHO. I obviously disagree. :)

:)

| I haven't used talk in years, and you could probably find a large
| number of people who don't even know what it is.

And then you show it to them and they are _so_ happy.  It is a very
nice tool for working together, while being in separate places.  Lots
of people don't know of some of the other "obscure" unix tools either,
but that doesn't mean they are useless.

| Shoul *your personal belief* that a system without talk is a broken
| system be enough to force make it part of a default debian system?

I said that 'I want that'.  If enough people say "I don't want that"
or "I want that", then the decision on whether it should be kept is
based on that - remember: rough consensus.  If I were not to raise my
voice, no one else might either and talk might be removed even though
many wanted it.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Mark Eichin]

what's the alternative, voting? :-)

(seriously, I use talk regularly - "securely" even: two people ssh to
a common machine, and run talk there :-) I'd probably be happy with
any equivalent user-to-user real-time messaging tool, but "write" is
kind of gross, and everything else seems to try to be pumped versions
of talk anyway...)


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Michael Stone]

On Mon, May 14, 2001 at 03:16:53PM +0200, Tollef Fog Heen wrote:
> IMHO, a system without talk and talkd is too limited.  Have it only
> listen on loopback, if security is the problem.

That's YHO. I obviously disagree. :) I haven't used talk in years, and
you could probably find a large number of people who don't even know
what it is. Shoul *your personal belief* that a system without talk is a
broken system be enough to force make it part of a default debian
system?

-- 
Mike Stone


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Tollef Fog Heen]

* Michael Stone 

| On Sat, May 12, 2001 at 01:08:17PM +0200, Tollef Fog Heen wrote:
| > | >   talk  rather obsolete, but debatable
| > | >   talkd not very secure for baseline
| > 
| > I want those.  They are very useful, and afaik, there are no security
| > problems with talkd.
| 
| This is about you, it's about the general case; you can install them
| yourself with no problem. *Any* open port presents an additional
| risk--what value outweighs that risk in this case, for the general user?

To cite the definition:

These packages provide a reasonably small but not too limited
character-mode system.

IMHO, a system without talk and talkd is too limited.  Have it only
listen on loopback, if security is the problem.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Michael Stone]

On Sat, May 12, 2001 at 01:08:17PM +0200, Tollef Fog Heen wrote:
> | >   talk  rather obsolete, but debatable
> | >   talkd not very secure for baseline
> 
> I want those.  They are very useful, and afaik, there are no security
> problems with talkd.

This is about you, it's about the general case; you can install them
yourself with no problem. *Any* open port presents an additional
risk--what value outweighs that risk in this case, for the general user?

-- 
Mike Stone


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Rob Browning]

Adam Di Carlo <[EMAIL PROTECTED]> writes:

>  `standard'
>   These packages provide a reasonably small but not too limited
>   character-mode system.  This is what will install by default if
>   the user doesn't select anything else.  It doesn't include many
>   large applications, but it does include Emacs (this is more of a
>   piece of infrastructure than an application) and a reasonable
>   subset of TeX and LaTeX.

FWIW (and I suspect this may make a bunch of people happy), I'm
actively investigating the possibility of having an emacs21-no-x
package (i.e. that's NO X) that'll have a binary without X support.

We'll see.  No promises yet.

-- 
Rob Browning <[EMAIL PROTECTED]> PGP=E80E0D04F521A094 532B97F5D64E3930


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[kcr]

Bastian Blank <[EMAIL PROTECTED]> writes:
> On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
> >   rcs   few use it
> replace it with cvs

rcs and cvs solve very different problems.  They are by no means
equivalent, and I use both, and I know lots of people who use both on a
regular basis.  Replacing it with cvs is silly.  Removing it because 'few
use it' seems wrong.  Making cvs 'standard' in addition to cvs might have
some merit.

> >   vacation  why standard?
> >   fingerd   not very secure for baseline
> >   ftpd  not very secure for baseline
> >   lpr   not very secure for baseline, poss use lprng?

These fall, IMHO, under the /important/ description:

   Important programs, including those which one would expect to find on any
   Unix-like system. If the expectation is that an experienced Unix person who
   found it missing would say `What on earth is going on, where is foo?', it
   must be an important package. [4] Other packages without which the system
   will not run well or be usable must also have priority important. This does
   not include Emacs, the X Window System, TeX or any other large
   applications. The important packages are just a bare minimum of
   commonly-expected and necessary tools.

Experienced UNIX people [not necessarily experienced Debian people] will
become confused and critical when somethinglike the above are missing.

> why a print daemon? most user doesn't need such service

A lot of people rate being able to print as very important part of using a
computer. 

> >   talk  rather obsolete, but debatable
> >   talkd not very secure for baseline
> >   telnetd   not very secure for baseline

see above.

> wenglish  I think it is only usefull with dict

No, it has nothing to do with dict.  I believe this is the package that
provides /usr/share/dict/words, which has been around on UNIX systems [as
/usr/dict/words] since before many developers were born.  [see above...]

kcr


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Sam Hartman]

While I agree there aren't that many people who use RCS directly, it
is certainly one of those things I expect to be on a Unix system as a
basic tool.

I think you may break the expectations of people coming from other operating systems 
if you don't make RCS standard. 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Marco d'Itri]

On May 12, Adam Di Carlo <[EMAIL PROTECTED]> wrote:

 >  vacation  why standard?
Because it fits the definition of "standard". Actually I think it fits
the definition of "important" too, where it says "If the expectation is
that an experienced Unix person who found it missing would say `What
the F*!@<+ is going on, where is `foo'', it must be in `important'."

 >  rblcheck  why standard?
It was part of another package, I'll demote it to extra ("are only
likely to be useful if you already know what they").

-- 
ciao,
Marco


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Wolfgang Sourdeau]

> replacement for ae, which I think is a very good idea; nano is
> *self-documenting*, which is the key feature for an editor we want to be
> useful for all users.

zile is self-documenting too.

> I also don't think you'll get very far in trying to prove that most people on
> d-d use emacs.

I know, this was a stupid argument.


Wolfgang


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Steve Langasek]

On Sat, 12 May 2001, Wolfgang Sourdeau wrote:

> > "Bastian" == Bastian Blank <[EMAIL PROTECTED]> writes:

> > [1  ]
> > On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
> >> aenot used as basic editor anymore, everyone seems to hate it

> > what do you think to include as basic editor? vim? and elvis-tiny for
> > boot-floopies?

> I am just experiencing zile and I find it quite good. And, btw, it is
> meant primarily for boot floppies.
> Another argument is that zile is "kind of" a stripped-down version of
> Emacs, and Emacs is the standard editor for the GNU system, which I am
> sure most of the people on this list are using.

That most Debian developers use Emacs is not a good argument for including an
Emacs-like editor in boot-floppies, because most people who will be using the
boot-floppies are /not/ Debian developers, and we should not expect them to
have the same background knowledge that we do.  I've seen nano discussed as a
replacement for ae, which I think is a very good idea; nano is
*self-documenting*, which is the key feature for an editor we want to be
useful for all users.

I also don't think you'll get very far in trying to prove that most people on
d-d use emacs.

> > why a print daemon? most user doesn't need such service
> > if it is necesary, why not use cups as standard?

> LPRng is far more secure and robust than anything else. LPR is an
> insecure pseudo-standard, while LPRng is more configurable, better
> designed, more RFC-compliant. CUPS is nice too, but does lack a lot of
> "drivers" in its free version, is buggy and a lot of security problems
> are found too often.

Yes, I don't think CUPS is yet mature enough to be recommended for standard.
BSD lpr is mature, but it hasn't gotten any better with age. :)  LPRng seems a
good choice to me.

Steve Langasek
postmodern programmer


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Matt Zimmerman]

On Sat, May 12, 2001 at 01:13:54PM +0200, Wichert Akkerman wrote:

> Previously Wolfgang Sourdeau wrote:
> > Another argument is that zile is "kind of" a stripped-down version of
> > Emacs, and Emacs is the standard editor for the GNU system, which I am
> > sure most of the people on this list are using.
> 
> Emacs is not `the standard editor', it is just one of the two most popular
> ones. More importantly, we need an editor in the b-f that everyone can
> use easily without having to know emacs, vi or any other editor.

"The ed utility is the standard text editor."
- ed(1)

-- 
 - mdz


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Adrian Bunk]

On 12 May 2001, Peter Korsgaard wrote:

> > "Wolfgang" == Wolfgang Sourdeau <[EMAIL PROTECTED]> writes:
>
>  >> what do you think to include as basic editor? vim? and elvis-tiny
>  >> for boot-floopies?
>
>  Wolfgang> I am just experiencing zile and I find it quite good. And,
>  Wolfgang> btw, it is meant primarily for boot floppies.  Another
>  Wolfgang> argument is that zile is "kind of" a stripped-down version
>  Wolfgang> of Emacs, and Emacs is the standard editor for the GNU
>  Wolfgang> system, which I am sure most of the people on this list are
>  Wolfgang> using.
>
> Another option is e3. It is tiny (less than 10k and static linked) and
> it has keybindings for vi, emacs, wordstar, pico and nedit. On i386 it
> is written in 100% asm, but there is also a portable C version.

e3 is a nice editor. e3c isn't a second version of e3 since upstream is
more likely to remoce it than to make it a complete replacement of e3.

cu
Adrian (e3 maintainer)

-- 

Nicht weil die Dinge schwierig sind wagen wir sie nicht,
sondern weil wir sie nicht wagen sind sie schwierig.



-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Glenn McGrath]

Bastian Blank wrote:
> 
> On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
> >   aenot used as basic editor anymore, everyone seems to hate it
> 
> what do you think to include as basic editor? vim? and elvis-tiny for
> boot-floopies?
> 

The editor for boot floppies doesnt have to be very complex, probably
only be used to edit a config file.

busybox has a nice tiny vi editor that adds between 12 - 22kB to
busybox, doesnt depend on any graphics libraries, and should work on all
arch's, that could easily be used for boot floppies, but still vi isnt
very useable to newbies.

nano is very friendly and would be a good choice i think

Or if we manged to scrounge some extra space we could go all out and
include both, nano-tiny for newbies, vi for experts... that might be
tough though.

Glenn


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

mooks miss the point (was Re: woody release task needs help: package priorities)

[Adam Di Carlo]

You people are missing the point.

I don't care if exim stays or not!  I don't care who thinks what is a
good editor!  I wasn't asking for discussion on my list -- I was just
throwing out the list to show there are things there which MUST not be
standard (ftpd, telnetd).  That no body had really taken a look at it
since 1995.

I am asking for a volunteer.  Someone who will lead the discussion,
maintain a list, achieve consensus, work with the archive maintainers
(if they are not already an archive maintainer) and get the override
file good to go.  Probably all it takes is a well thought out bug
against ftp.debian.org.

Please!  Somebody volunteer!

-- 
.Adam Di [EMAIL PROTECTED]http://www.onshored.com/>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Ilya Martynov]

WA> postfix does not do IPv6
WA> postfix does not do TLS (not officialy and juding by comments on
WA>#debian-devel from today not reliably either)

Recently there was released new stable version of postfix. It does
support TLS. AFAIK it doesn't support IPV6 out of box right now. There
is exist patch for IPV6 support but it was not merged in last stable
release.

WA> postfix header rewriting isn't flexible

Never used exim so I can't compare.

WA> postfix uses multiple files instead of one big file, if that is better
WA> or worse is personal taste.

Actually it has only two config files. One small which defines various
services (local delivery agent, smtpd, etc) and another big config
file which configures all postfix services. Almost usually you edit
only second config.

-- 
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
| Ilya Martynov (http://martynov.org/)|
| GnuPG 1024D/323BDEE6 D7F7 561E 4C1D 8A15 8E80  E4AE BE1A 53EB 323B DEE6 |
| AGAVA Software Company (http://www.agava.com/)  |
 -=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Simon Richter]

On 12 May 2001, Adam Di Carlo wrote:

>   libident  why?  not used by other std package, pidentd
>   rblcheck  why standard?

These are used by exim IIRC.

   Simon

-- 
GPG public key available from http://phobos.fs.tum.de/pgp/Simon.Richter.asc
 Fingerprint: DC26 EB8D 1F35 4F44 2934  7583 DBB6 F98D 9198 3292
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Paulo Henrique Baptista de Oliveira]

I'm a simple user,
I think after install Debian base, switch from exim to
postfix is just a matter of apt-get install!
Regards, Paulo Henrique
Quoting Wichert Akkerman ([EMAIL PROTECTED]):
> Previously Jacob Kuntz wrote:
> > http://www.postfix.org/motivation.html
> 
> >From what I hear:
> 
> postfix does not do IPv6
> postfix does not do TLS (not officialy and juding by comments on
>#debian-devel from today not reliably either)
> postfix header rewriting isn't flexible
> postfix uses multiple files instead of one big file, if that is better
> or worse is personal taste.
> exim doesn't feel at all like sendmail to me, again that's just personal
> taste.
> 
> I still haven't seen a single good argument for switching the
> Debian default, just personal preferences.
> 
> Wichert.
> 
> -- 
>
>  / Generally uninteresting signature - ignore at your convenience  \
> | [EMAIL PROTECTED]  http://www.liacs.nl/~wichert/ |
> | 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |
> 
> 
> -- 
> To UNSUBSCRIBE, email to [EMAIL PROTECTED]
> with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
> 


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Wichert Akkerman]

Previously Jacob Kuntz wrote:
> http://www.postfix.org/motivation.html

>From what I hear:

postfix does not do IPv6
postfix does not do TLS (not officialy and juding by comments on
   #debian-devel from today not reliably either)
postfix header rewriting isn't flexible
postfix uses multiple files instead of one big file, if that is better
or worse is personal taste.
exim doesn't feel at all like sendmail to me, again that's just personal
taste.

I still haven't seen a single good argument for switching the
Debian default, just personal preferences.

Wichert.

-- 
   
 / Generally uninteresting signature - ignore at your convenience  \
| [EMAIL PROTECTED]  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Jacob Kuntz]

from the secret journal of Drew Parsons ([EMAIL PROTECTED]):
> Just for education's sake, what are the reasons you hold this opinion?
> 
> I use exim simply because it came standard.  I'd like to know why postfix is
> better.
> 

http://www.postfix.org/motivation.html

Postfix is a little bigger on disk than exim on, but it goes to great
lenghts to keep it's memory usage down, or at least consistent. As for
complexity, I run several sites using postfix, and my most complicated setup
has only 40 lines in main.cf. Exim still has a lot of the sendmail-ish feel
to it, like a really long config file and one big deamon running the show
(IIRC. It's been about 18 months since I stopped using exim). Postfix has a
sendmail compatibility interface (http://www.postfix.org/sendmail.1.html),
but under the hood is similar to qmail in design.

-- 
Jacob Kuntz
http://underworld.net/~jake


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Wichert Akkerman]

Previously Sami Haahtinen wrote:
> how does something become standard?
>   - Someone has to make new standards, why shouldn't it be us.

There have to be good reasons to switch though. smail used to be
our standard, but exim was clearly a better choice: it was a lot
easier to configure and performed better as well.

I don't see a reason to change that default again: exim is easy
to configure, extremely flexible, has good documentation, performs
very well and has an excellent security record.

The fact that postfix is a viable alternative is not enough to change
a default imho.

Wichert.

-- 
   
 / Generally uninteresting signature - ignore at your convenience  \
| [EMAIL PROTECTED]  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Sami Haahtinen]

On Sun, May 13, 2001 at 12:42:01AM +1000, Drew Parsons wrote:
> On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
> > 
> > Here's a provisional list of packages which are standard or higher and
> > should not be:
> >   exim  we should move to postfix, IMHO
> 
> Just for education's sake, what are the reasons you hold this opinion?

opinions are like.. oh well i think you know this one.

> I use exim simply because it came standard.  I'd like to know why postfix is
> better.

how does something become standard?
  - Someone has to make new standards, why shouldn't it be us.

personally i like postfix as it is safe and easy to configure. (and no, i'm not
saying that exim is not safe)

-- 
  -< Sami Haahtinen >-
-< 2209 3C53 D0FB 041C F7B1  F908 A9B6 F730 B83D 761C >-


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Drew Parsons]

On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
> 
> Here's a provisional list of packages which are standard or higher and
> should not be:
>   exim  we should move to postfix, IMHO

Just for education's sake, what are the reasons you hold this opinion?

I use exim simply because it came standard.  I'd like to know why postfix is
better.

Drew

(p.s debian-devel: sorry for the resend, I wanted Adam to recieve the
question since he doesn't read d-d)

-- 
PGP public key available at http://dparsons.webjump.com/drewskey.txt
Fingerprint: A110 EAE1 D7D2 8076 5FE0  EC0A B6CE 7041 6412 4E4A


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Tollef Fog Heen]

* Bastian Blank 

| On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
| >   aenot used as basic editor anymore, everyone seems to hate it
| 
| what do you think to include as basic editor? vim? and elvis-tiny for
| boot-floopies?

nano-tiny

This has been decided alreay, please let's not go over that debate
again.

| >   dpkg-ftp  obsolete
| >   rcs   few use it
| 
| replace it with cvs

Have both, imho.

| >   lpr   not very secure for baseline, poss use lprng?
| 
| why a print daemon? most user doesn't need such service
| if it is necesary, why not use cups as standard?

CUPS breaks every second release, I've heard, and even the maintainer
didn't want to have it as the standard print system last time the
argument was raised.  IIRC, non-ECC memory.

| >   talk  rather obsolete, but debatable
| >   talkd not very secure for baseline

I want those.  They are very useful, and afaik, there are no security
problems with talkd.

| iamerican,ibritishhmm

No way.  Lots of users are non-American and non-British and don't care
for this.

| wenglish  I think it is only usefull with dict

ITYM ispell.

-- 

Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Paul Martin]

On Sat, May 12, 2001 at 01:13:54PM +0200, Wichert Akkerman wrote:

> Emacs is not `the standard editor', it is just one of the two most popular
> ones. More importantly, we need an editor in the b-f that everyone can
> use easily without having to know emacs, vi or any other editor.

I seem to have picked up the feeling that nano-tiny is being considered
for this job.

-- 
Paul Martin <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Paul Martin]

On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:

>   exim  we should move to postfix, IMHO

Whilst I agree with you on all the others. postfix is 3 times the size
of exim, and a fraction harder to configure. (This isn't meant as
flamebait.)

-- 
Paul Martin <[EMAIL PROTECTED]>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Wichert Akkerman]

Previously Wolfgang Sourdeau wrote:
> Another argument is that zile is "kind of" a stripped-down version of
> Emacs, and Emacs is the standard editor for the GNU system, which I am
> sure most of the people on this list are using.

Emacs is not `the standard editor', it is just one of the two most popular
ones. More importantly, we need an editor in the b-f that everyone can
use easily without having to know emacs, vi or any other editor.

Wichert.

-- 
   
 / Generally uninteresting signature - ignore at your convenience  \
| [EMAIL PROTECTED]  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Peter Korsgaard]

> "Wolfgang" == Wolfgang Sourdeau <[EMAIL PROTECTED]> writes:

 >> what do you think to include as basic editor? vim? and elvis-tiny
 >> for boot-floopies?

 Wolfgang> I am just experiencing zile and I find it quite good. And,
 Wolfgang> btw, it is meant primarily for boot floppies.  Another
 Wolfgang> argument is that zile is "kind of" a stripped-down version
 Wolfgang> of Emacs, and Emacs is the standard editor for the GNU
 Wolfgang> system, which I am sure most of the people on this list are
 Wolfgang> using.

Another option is e3. It is tiny (less than 10k and static linked) and
it has keybindings for vi, emacs, wordstar, pico and nedit. On i386 it
is written in 100% asm, but there is also a portable C version.

-- 
Bye, Peter Korsgaard


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Josip Rodin]

On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
>   These packages provide a reasonably small but not too limited
>   character-mode system.

>   exim  we should move to postfix, IMHO

Exim seems to be smaller and easier to configure.

>   vacation  why standard?

It was previously in bsdmainutils which is important.

>   rblcheck  why standard?

It was previously in dnsutils which is standard.

>   telnetd   not very secure for baseline

If we demote telnetd, then we better do the same with stuff like portmap and
all the NFS things, too.

-- 
Digital Electronic Being Intended for Assassination and Nullification


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Wolfgang Sourdeau]

> "Bastian" == Bastian Blank <[EMAIL PROTECTED]> writes:

> [1  ]
> On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
>> aenot used as basic editor anymore, everyone seems to hate it

> what do you think to include as basic editor? vim? and elvis-tiny for
> boot-floopies?

I am just experiencing zile and I find it quite good. And, btw, it is
meant primarily for boot floppies.
Another argument is that zile is "kind of" a stripped-down version of
Emacs, and Emacs is the standard editor for the GNU system, which I am
sure most of the people on this list are using.

> why a print daemon? most user doesn't need such service
> if it is necesary, why not use cups as standard?

LPRng is far more secure and robust than anything else. LPR is an
insecure pseudo-standard, while LPRng is more configurable, better
designed, more RFC-compliant. CUPS is nice too, but does lack a lot of
"drivers" in its free version, is buggy and a lot of security problems
are found too often.

> ipchains,ipmasqadmwoody includes kernel-source 2.4.x, so it
>   is obselete if using such kernel

Nope. Ipchains are still emulated. And people migrating from 2.2 will
likely appreciate having it at hand.


Wolfgang


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Josip Rodin]

On Sat, May 12, 2001 at 11:33:30AM +0200, Bastian Blank wrote:
> >   rblcheck  why standard?
> 
> exim use this? i don't know

There would be a dependency between them if it did.

> mtoolsonly usefull for dos users

Considering of the number of DOS-formatted floppy disks in the world, not
having it in standard would be a pity.

-- 
Digital Electronic Being Intended for Assassination and Nullification


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Bastian Blank]

On Sat, May 12, 2001 at 03:46:13AM -0400, Adam Di Carlo wrote:
>   aenot used as basic editor anymore, everyone seems to hate it

what do you think to include as basic editor? vim? and elvis-tiny for
boot-floopies?

>   setserial rather inappropriate for non-i386, AFAIK

also it isn't need with kernel 2.4 anyway, I think

>   libstdc++2.9  obsolete
>   libident  why?  not used by other std package, pidentd
>   exim  we should move to postfix, IMHO


exim: Installed-Size: 1072
postfix: Installed-Size: 3223

>   dpkg-ftp  obsolete
>   rcs   few use it

replace it with cvs

>   vacation  why standard?
>   fingerd   not very secure for baseline
>   ftpd  not very secure for baseline
>   lpr   not very secure for baseline, poss use lprng?

why a print daemon? most user doesn't need such service
if it is necesary, why not use cups as standard?

>   nfs-kernel-server  why standard in god's name?
>   rblcheck  why standard?

exim use this? i don't know

>   talk  rather obsolete, but debatable
>   talkd not very secure for baseline
>   telnetd   not very secure for baseline

other standard packages:

bin86 obselete with 2.2.x kernel AFAIK
gcc-3.0,gcc-3.0-base,cpp-3.0  if it is stable at release time this
  will be okay
iamerican,ibritishhmm
ipchains,ipmasqadmwoody includes kernel-source 2.4.x, so it
  is obselete if using such kernel
libnss-db which user need this?
mtoolsonly usefull for dos users
wenglish  I think it is only usefull with dict

bastian

-- 
The sight of death frightens them [Earthers].
-- Kras the Klingon, "Friday's Child", stardate 3497.2

 PGP signature

Re: woody release task needs help: package priorities

[Wichert Akkerman]

Previously Adam Di Carlo wrote:
>   exim  we should move to postfix, IMHO

FWIW, I disagree, and I'ld like to see some really good arguments before
we make a change like that.

Wichert.

-- 
   
 / Generally uninteresting signature - ignore at your convenience  \
| [EMAIL PROTECTED]  http://www.liacs.nl/~wichert/ |
| 1024D/2FA3BC2D 576E 100B 518D 2F16 36B0  2805 3CB8 9250 2FA3 BC2D |


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

Re: woody release task needs help: package priorities

[Alexander Koch]

On Sat, 12 May 2001 03:46:13 -0400, Adam Di Carlo wrote:
>   exim  we should move to postfix, IMHO

Let's not go over this again, but why change at all if it is
working ok? We should all have better things than to worry
about such things.

-ako


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]

woody release task needs help: package priorities

[Adam Di Carlo]

Woody installation (via boot-floppies, base-config, tasksel, apt) will
change from Potato in that, normally, all packages marked as standard
will be marked for installation.

Citing Policy:

 `standard'
  These packages provide a reasonably small but not too limited
  character-mode system.  This is what will install by default if
  the user doesn't select anything else.  It doesn't include many
  large applications, but it does include Emacs (this is more of a
  piece of infrastructure than an application) and a reasonable
  subset of TeX and LaTeX.


This has never been done before by boot-floppies as a rather known
oversight, mostly because some many nasty and insecure and useless
packages are marked as standard.

I would appreciate it if someone or some team would work with archive
maintainers and work this out.

Here's a provisional list of packages which are standard or higher and
should not be:

  aenot used as basic editor anymore, everyone seems to hate it
  setserial rather inappropriate for non-i386, AFAIK
  libstdc++2.9  obsolete
  libident  why?  not used by other std package, pidentd
  exim  we should move to postfix, IMHO
  dpkg-ftp  obsolete
  rcs   few use it
  vacation  why standard?
  fingerd   not very secure for baseline
  ftpd  not very secure for baseline
  lpr   not very secure for baseline, poss use lprng?
  nfs-kernel-server  why standard in god's name?
  rblcheck  why standard?
  talk  rather obsolete, but debatable
  talkd not very secure for baseline
  telnetd   not very secure for baseline

There are probably packages not in standard that should be, I'll leave
that to others.

-- 
.Adam Di [EMAIL PROTECTED]http://www.onshored.com/>


-- 
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]