[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security through paranoia 2, with proposal...

On Sun, Apr 01, 2001 at 10:18:16AM +0200, Jan Niehusmann wrote:
> On Sun, Apr 01, 2001 at 02:17:47AM +0200, Tollef Fog Heen wrote:
> > * Ola Lundqvist
> 
> > | Depends: apache-ssl | apache_mod-ssl (if apache), uw-imap-ssl (if uw-imap) ...
> > | Conflicts: telnetd
> > | Recommends: ! talkd
> > | Suggests: kernel-image-2.4.2-harden
> 
> > IMHO it should only conflict, it shouldn't depend on apache-ssl, for
> > instance.  If this is a mail or DNS server, I might want to install
> > task-harden without installing a web server.
> 
> This is exactly what the depends-if clause is meant for: You can install
> hardened without apache, but if you install apache, you must install
> apache-ssl too. 

Thanks fot the clarification.

> But I think this case can still be solved without depends-if. Instead, we
> would need another virtual package, apache-non-ssl. Then we could do:

Ahh. This was a cleaner way than I suggested. Thanks. Now we can really
do this :) Great!

> Package: apache
> Depends: apache-non-ssl | apache-ssl
> 
> Package: task-hardened
> Conflicts: apache-non-ssl

Anyone who wants to create this task-harden package? If not I'll do
it because I think it is really needed.

> This way, the same combinations as with the depends-if clause are possible.

Regards,

// Ola

-- 
 --------------------- Ola Lundqvist ---------------------------
/  opal@debian.org                     Björnkärrsgatan 5 A.11   \
|  opal@lysator.liu.se                 584 36 LINKÖPING         |
|  +46 (0)13-17 69 83                  +46 (0)70-332 1551       |
|  http://www.opal.dhs.org             UIN/icq: 4912500         |
\  gpg/f.p.: 7090 A92B 18FE 7994 0C36  4FE4 18A1 B1CF 0FE5 3DD9 /
 ---------------------------------------------------------------
Reply to: