I strongly urge that you consult the Xubuntu Strategy Document here: 
https://docs.xubuntu.org/contributors/xsd.html

This crosses many lines.  Most of what you propose to do makes for fragile 
systems as well as ones that will break easily.   Having looked at 
CVE-2020-8833 it frankly seems like you are fear-mongering about apport.

Bloat is often discerned differently.  While change is always possible this 
proposal may need scaling back a bit.

Stephen Michael Kellat

On Dec 6, 2020, at 12:10 PM, s0me...@disroot.org wrote:



Hi everyone,

first of all thank you for making and keeping Xubuntu what it is - namely great!



Now I know Xubuntu wants to give an easy and comfortable experience out of the 
box, but the downside of that is quite some bloat. While there are also lots of 
people simply looking for a reliable and also minimalist system, I'm aware we 
are still not that many, so it makes sense to keep the focus on the average 
user.


-Issues with Xubuntu Core-

And I'm aware of Xubuntu Core, and it's quite an improvement, but has some 
issues in my opinion:

-While it's mentioned in the latest release notes for example, the iso still 
appears to be not officially supported, which I think makes it unfortunately 
not suitable for productive use (please correct me on that if that's not true)

-Canonical apparently doesn't want to further provide the netboot-MinimalCD, so 
without that, it seems there isn't a reliable way to even get it installed 
from 20.10 on (and simply release-upgrading the 20.04-ubuntu-MinimalCD-install 
to 20.10 led to a broken system when I tried).

-And most importantly, even Xubuntu Core appears to be quite bloated:

When looking at the package list:
https://unit193.net/xubuntu/core/pending/xubuntu-20.10-core-amd64.iso.manifest

- it still contains for example Snapd(!), apport (bugreports should be strictly 
opt-in I think), Cups with all kinds of printer drivers (many not removable 
without triggering the removal of the whole system core), bluez, all kinds of 
rare Asian or Arabic fonts (I get that one, but still), modemmanager, 
xubuntu-wallpapers *-docs *-artwork (I get that too, but still not strictly 
necessary), ppp, ftp, gparted ... and many more.


-Why even bother?-

Now the actual footprint of some of the packages might be small individually 
(though not snapd and cups as far as I'm aware), but it's still at least a 
security flaw to have countless unused/unnecessary packages (that may also 
listen on ports), as for example merely the package 'apport' could be used in 
an exploit some time ago to compromise the whole system. So I think it's 
absolutely crucial to keep the package count as small as possible while keeping 
the core functionality.


-Debloating Script-

That's why I use a debloating script post install to turn a standard xubuntu 
install into something close to a xubuntu barebone, but I'm not a developer and 
there is most likely still a lot of potential.

So I will post at the end of this mail the list I use to reduce the package 
count while keeping the functionality, and would ask you if you have any 
suggestions for further improvement, to make it even more barebone.
The eventual improved list/script could be provided for example on the github 
page for advanced users. I think this is the least invasive way to provide an 
option for such a system in case you don't want to touch Xubuntu Core as it is 
now, and don't have time or interest for a modular installer.


-Use case-

The system use case is a standard laptop used for browsing and a somewhat 
advanced user at osi-layer 8 who will then take the barebone and simply install 
what he needs and wants manually (and without recommended packages), while not 
having any fringe use cases (e.g. package modemmanager, 
mobile-broadband-provider-info) and no need for printers, scanners, bluetooth 
or pretty much anything apart from the barebone system that won't also be 
installed automatically when setting up the preferred software. System settings 
are mostly applied via copying the backup-.config folder.


-Harder to remove-

What I have avoided removing so far are a lot of packages that will trigger 
the whole removal of some system core - like the removal of the printer drivers 
does for example:

apt purge --autoremove "printer-driver*"

- triggers the removal of ca. 70 packages (on a standard-Xubuntu-iso install), 
many crucial.

While I know this can be overcome and am sure these are absolutely useless 
after removing cups, I still might not be aware of packages expecting them to 
exist. So this is something I cannot reliably solve because I don't have the 
in-depth knowledge of the package management, and while I can look at 
dependencies, it only tells me so much.


-The debloating list so far-

So here is what I remove post install from a standard Xubuntu ISO. After the 
terminal commands I give it as an alphabetical list as well, for increased 
readability. I used mostly synaptic to look at the description and dependencies.
If I can present that in a more readable way for you please let me know.


#removing also software I want to use, to reinstall it without recommended packages

sudo apt-get purge --autoremove whoopsie apport popularity-contest cups snapd \
mate-calc gimp firefox ristretto engrampa thunderbird atril xfburn pidgin \
simple-scan gnome-mines gnome-sudoku sgt-puzzles libreoffice-core \
libreoffice-base-core unattended-upgrades "bluez*" "fonts-kacst*" fonts-lao \
fonts-takao-pgothic "fonts-tlwg*" fonts-nanum fonts-khmeros-core "fonts-smc-*" \
fonts-kacst fonts-kacst-one fonts-khmeros-core fonts-lklug-sinhala fonts-guru \
fonts-nanum fonts-noto-cjk fonts-takao-pgothic fonts-tibetan-machine \
fonts-guru-extra fonts-lao fonts-sil-padauk fonts-sil-abyssinica "fonts-tlwg-*" \
"fonts-lohit-*" fonts-beng fonts-beng-extra fonts-gargi fonts-gubbi fonts-gujr \
fonts-gujr-extra fonts-kalapi fonts-lohit-gujr "fonts-samyak-*" fonts-navilu \
fonts-nakula fonts-orya-extra fonts-pagul fonts-sahadeva fonts-sarai fonts-smc \
fonts-telu-extra fonts-wqy-microhei synaptic

#(re-)installation of software without recommended packages:
sudo apt-get install --no-install-recommends apparmor bleachbit firefox gimp \
ristretto catfish evince galculator parole engrampa libreoffice-writer \
libreoffice-gtk3 mousepad -y

#purging part 2, also because even the non-recommendation-installs have some 
#unnecessary stuff like gimp-help-common gimp-help-en libreoffice-help-en-us 
#liblibreoffice-java
#what would be necessary to keep/install for secure boot: secureboot-db shim 
#mokutil

sudo apt-get purge --autoremove cups cups-common cups-browsed cups-core-drivers \
cups-daemon cups-server-common cups-browsed cups-bsd cups-client cups-common \
cups-core-drivers cups-daemon cups-filters cups-filters-core-drivers \
cups-ipp-utils cups-pk-helper cups-ppdc cups-server-common \
mobile-broadband-provider-info secureboot-db shim mokutil yelp \
xfce4-screensaver wamerican wbritish firefox-locale-en gnome-software \
java-common xfce4-dict xfce4-notes transmission-gtk xcursor-themes \
xfce4-cpugraph-plugin xfce4-dict xfce4-mailwatch-plugin xfce4-netload-plugin \
xfce4-notes xfce4-notes-plugin xfce4-places-plugin xfce4-systemload-plugin \
xfce4-verve-plugin xfce4-weather-plugin xfce4-xkb-plugin xfpanel-switch mugshot \
fonts-droid-fallback gucharmap fonts-symbola gnome-font-viewer gigolo rsync \
gnome-accessibility-themes at-spi2-core colord onboard usbmuxd \
thunar-media-tags-plugin speech-dispatcher pastebinit gimp-help-common \
gimp-help-en gnome-menus gnome-system-tools bolt system-config-printer \
gnome-themes-extra gnome-themes-extra-data ftp mlocate brltty \
xfce4-indicator-plugin software-properties-gtk xfce4-indicator-plugin \
software-properties-gtk gvfs-backends pptp-linux gdb aspell aspell-en \
avahi-daemon bash-completion xserver-xorg-video-qxl printer-driver-c2esp \
printer-driver-foo2zjs printer-driver-min12xxw printer-driver-pxljr \
printer-driver-sag-gdi printer-driver-ptouch printer-driver-foo2zjs-common \
printer-driver-brlaser ppp manpages info xserver-xorg-input-synaptics \
pavucontrol gstreamer1.0-plugins-bad sane-utils gnome-disk-utility \
xfce4-taskmanager pidgin-otr espeak appstream apt-config-icons \
gstreamer1.0-tools liblcms2-utils libreoffice-style-elementary usb-modeswitch \
"xubuntu-community-wallpapers-*" xubuntu-docs os-prober build-essential g++ \
g++-10 libreoffice-help-en-us liblibreoffice-java pocketsphinx-en-us \
foomatic-filters xfce4-panel-profiles modemmanager lightdm-gtk-greeter-settings \
efibootmgr install-info


The former purged packages in lines and alphabetical order:
(stripped of the packages simply purged to directly reinstall without 
recommendations)


apport
appstream
apt-config-icons
aspell
aspell-en
at-spi2-core
avahi-daemon
bash-completion
bluez*
bolt
brltty
build-essential
colord
cups
cups-browsed
cups-bsd
cups-client
cups-common
cups-core-drivers
cups-daemon
cups-filters
cups-filters-core-drivers
cups-ipp-utils
cups-pk-helper
cups-ppdc
cups-server-common
efibootmgr
espeak
firefox-locale-en
fonts-beng
fonts-beng-extra
fonts-droid-fallback
fonts-gargi
fonts-gubbi
fonts-gujr
fonts-gujr-extra
fonts-guru
fonts-guru-extra
fonts-kacst
fonts-kacst*
fonts-kacst-one
fonts-kalapi
fonts-khmeros-core
fonts-lao
fonts-lklug-sinhala
fonts-lohit-*
fonts-lohit-gujr
fonts-nakula
fonts-nanum
fonts-navilu
fonts-noto-cjk
fonts-orya-extra
fonts-pagul
fonts-sahadeva
fonts-samyak-*
fonts-sarai
fonts-sil-abyssinica
fonts-sil-padauk
fonts-smc
fonts-smc-*
fonts-symbola
fonts-takao-pgothic
fonts-telu-extra
fonts-tibetan-machine
fonts-tlwg*
fonts-tlwg-*
fonts-wqy-microhei
foomatic-filters
ftp
g++
g++-10
gdb
gigolo
gimp-help-common
gimp-help-en
gnome-accessibility-themes
gnome-disk-utility
gnome-font-viewer
gnome-menus
gnome-mines
gnome-software
gnome-sudoku
gnome-system-tools
gnome-themes-extra
gnome-themes-extra-data
gstreamer1.0-plugins-bad
gstreamer1.0-tools
gucharmap
gvfs-backends
info
install-info
java-common
liblcms2-utils
liblibreoffice-java
libreoffice-help-en-us
libreoffice-style-elementary
lightdm-gtk-greeter-settings
manpages
mate-calc
mlocate
mobile-broadband-provider-info
modemmanager
mokutil
mugshot
onboard
os-prober
pastebinit
pavucontrol
pidgin
pidgin-otr
pocketsphinx-en-us
popularity-contest
ppp
pptp-linux
printer-driver-brlaser
printer-driver-c2esp
printer-driver-foo2zjs
printer-driver-foo2zjs-common
printer-driver-min12xxw
printer-driver-ptouch
printer-driver-pxljr
printer-driver-sag-gdi
rsync
sane-utils
secureboot-db
sgt-puzzles
shim
simple-scan
snapd
software-properties-gtk
speech-dispatcher
synaptic
system-config-printer
thunar-media-tags-plugin
thunderbird
transmission-gtk
unattended-upgrades
usb-modeswitch
usbmuxd
wamerican
wbritish
whoopsie
xcursor-themes
xfburn
xfce4-cpugraph-plugin
xfce4-dict
xfce4-indicator-plugin
xfce4-mailwatch-plugin
xfce4-netload-plugin
xfce4-notes
xfce4-notes-plugin
xfce4-panel-profiles
xfce4-places-plugin
xfce4-screensaver
xfce4-systemload-plugin
xfce4-taskmanager
xfce4-verve-plugin
xfce4-weather-plugin
xfce4-xkb-plugin
xfpanel-switch
xserver-xorg-input-synaptics
xserver-xorg-video-qxl
xubuntu-community-wallpapers-*
xubuntu-docs
yelp



-What else can be removed?-

Now going from a standard Xubuntu iso, what packages could further be removed?
(Or the other case, are there some of these that absolutely shouldn't be 
removed at all - from a security perspective?
Though I'm pretty sure these are safe to remove.)



I think the Xubuntu github page would be a great place for such a post-install 
debloating script or list, for users who want their system as minimal as 
possible and go from there, without having to rely on any particular 
(unofficial?) iso, but being able to simply use the standard one.

Of course there should ideally be a note or wiki-entry with a few explanations 
for users who still want to use it, but also want to print for example, and I 
would help with that.


Greetings

Michael
--
xubuntu-devel mailing list
xubuntu-devel@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/xubuntu-devel
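
Added example, not part of either mail above: the "Harder to remove" section describes a purge of printer-driver* dragging about 70 further packages along. One way to see those collateral removals before committing is to run the same command as an apt-get simulation (-s) and filter its output. The function name collateral_removals and the sample output, with placeholder example-* package names, are constructed for illustration.

```sh
#!/bin/sh
# Added example: show what a purge would remove beyond what was asked for.
# It only parses the output of an apt-get simulation, so nothing is changed.

# collateral_removals PATTERN...
# Reads `apt-get -s purge ...` output on stdin and prints every package on a
# "Remv" or "Purg" line that matches none of the given shell patterns.
collateral_removals() {
    awk '$1 == "Remv" || $1 == "Purg" { print $2 }' | sort -u |
    while IFS= read -r pkg; do
        requested=no
        for pat in "$@"; do
            # $pat is left unquoted so that it is matched as a glob
            case "$pkg" in
                $pat) requested=yes; break ;;
            esac
        done
        if [ "$requested" = no ]; then
            printf '%s\n' "$pkg"
        fi
    done
}

# Constructed sample of simulation output; the example-* names and versions
# are placeholders, not real packages.
SAMPLE_SIM='Reading package lists...
Building dependency tree...
The following packages will be REMOVED:
  example-desktop-meta* example-panel* printer-driver-brlaser*
  printer-driver-ptouch*
Purg example-desktop-meta [0.0-constructed]
Purg printer-driver-brlaser [0.0-constructed]
Purg printer-driver-ptouch [0.0-constructed]
Purg example-panel [0.0-constructed]'

# Demo on the sample: prints example-desktop-meta and example-panel.
printf '%s\n' "$SAMPLE_SIM" | collateral_removals 'printer-driver*'

# On a real system (simulation only, no root needed):
#   apt-get -s purge --autoremove 'printer-driver*' |
#       collateral_removals 'printer-driver*'
```

Any name this prints is a package the purge would take with it even though it was never named on the command line, which is the list to review before running the command for real.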