[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security through paranoia 2, with proposal...

* Ola Lundqvist 

| Depends: apache-ssl | apache_mod-ssl (if apache), 
| But maybe that is too hard to implement, or?

Virtual packages.  The same way that apache and boa provides httpd,
there is nothing saying that one can't have 'httpsd' as well, which is
provided by apache-ssl, libapache-mod-ssl, boa-ssl (except that
boa-ssl doesn't exist ;).  (For this particular case, which IMHO would
be solved in a cleaner way with virtual packages than with if-based

| So with this approach a task-harden control files could look
| something like this: (not complete!)
| Depends: apache-ssl | apache_mod-ssl (if apache), uw-imap-ssl (if uw-imap) ...
| Conflicts: telnetd
| Recommends: ! talkd
| Suggests: kernel-image-2.4.2-harden

IMHO it should only conflict, it shouldn't depend on apache-ssl, for
instance.  If this is a mail or DNS server, I might want to install
task-harden without installing a web server.


Tollef Fog Heen
Unix _IS_ user friendly... It's just selective about who its friends are.

Reply to: