Re: Security through paranoia 2, with proposal...
- To: Tollef Fog Heen <tollef@add.no>
- Cc: debian-devel@lists.debian.org
- Subject: Re: Security through paranoia 2, with proposal...
- From: Jan Niehusmann <jan@debian.org>
- Date: Sun, 1 Apr 2001 10:18:16 +0200
- Message-id: <[🔎] 20010401101816.A436@gondor.com>
- In-reply-to: <87hf09a2xg.fsf@arabella.intern.opera.no>; from tollef@add.no on Sun, Apr 01, 2001 at 02:17:47AM +0200
- References: <20010331210209.AC0D3124045@thespectra.cjb.net> <20010331232537.B31921@diamond.opal.dhs.org> <87hf09a2xg.fsf@arabella.intern.opera.no>
On Sun, Apr 01, 2001 at 02:17:47AM +0200, Tollef Fog Heen wrote:
> * Ola Lundqvist
> | Depends: apache-ssl | apache_mod-ssl (if apache), uw-imap-ssl (if uw-imap) ...
> | Conflicts: telnetd
> | Recommends: ! talkd
> | Suggests: kernel-image-2.4.2-harden
> IMHO it should only conflict, it shouldn't depend on apache-ssl, for
> instance. If this is a mail or DNS server, I might want to install
> task-harden without installing a web server.
This is exactly what the depends-if clause is meant for: You can install
hardened without apache, but if you install apache, you must install
apache-ssl too.
But I think this case can still be solved without depends-if. Instead, we
would need another virtual package, apache-non-ssl. Then we could do:
Package: apache
Depends: apache-non-ssl | apache-ssl
Package: task-hardened
Conflicts: apache-non-ssl
This way, the same combinations as with the depends-if clause are possible.
Jan
--
OpenPGP-signierte bzw. -verschlüsselte Mail erwünscht
EMail-Key: 1024D/F12DA065 (=> Keyserver oder auf Anfrage)
Reply to: