Re: Security through paranoia 2, with proposal...
On Sun, Apr 01, 2001 at 10:18:16AM +0200, Jan Niehusmann wrote:
> On Sun, Apr 01, 2001 at 02:17:47AM +0200, Tollef Fog Heen wrote:
> > * Ola Lundqvist
>
> > | Depends: apache-ssl | apache_mod-ssl (if apache), uw-imap-ssl (if uw-imap) ...
> > | Conflicts: telnetd
> > | Recommends: ! talkd
> > | Suggests: kernel-image-2.4.2-harden
>
> > IMHO it should only conflict, it shouldn't depend on apache-ssl, for
> > instance. If this is a mail or DNS server, I might want to install
> > task-harden without installing a web server.
>
> This is exactly what the depends-if clause is meant for: You can install
> hardened without apache, but if you install apache, you must install
> apache-ssl too.
Thanks fot the clarification.
> But I think this case can still be solved without depends-if. Instead, we
> would need another virtual package, apache-non-ssl. Then we could do:
Ahh. This was a cleaner way than I suggested. Thanks. Now we can really
do this :) Great!
> Package: apache
> Depends: apache-non-ssl | apache-ssl
>
> Package: task-hardened
> Conflicts: apache-non-ssl
Anyone who wants to create this task-harden package? If not I'll do
it because I think it is really needed.
> This way, the same combinations as with the depends-if clause are possible.
Regards,
// Ola
--
--------------------- Ola Lundqvist ---------------------------
/ opal@debian.org Björnkärrsgatan 5 A.11 \
| opal@lysator.liu.se 584 36 LINKÖPING |
| +46 (0)13-17 69 83 +46 (0)70-332 1551 |
| http://www.opal.dhs.org UIN/icq: 4912500 |
\ gpg/f.p.: 7090 A92B 18FE 7994 0C36 4FE4 18A1 B1CF 0FE5 3DD9 /
---------------------------------------------------------------
Reply to: