
Re: How granular should a package{,set} be?



> The "upgraded independently" is a good point.  As an
> in-development package, I wouldn't at the point be
> entirely happy with people running older versions if
> they wanted stability.

You can use versioned Depends for that, if that is necessary.
If not necessary, don't do this. But during heavy development, versioned
depends are ok (if you don't know yet that they play together well).
But don't expect people to run different versions ;) expect them to
upgrade every day, because lots of Debian unstable users do have the
"upgraditis" virus ;)

What I meant is e.g. splitting of data from program code.
So a game putting the sound data files, graphics, levels and binaries into
separate packages can be very useful: people will (might) have to
download the binary and level packages only for an upgrade.
Or someone might do an "other levels" package, providing a different
level set for the same game.

--[ so back to off-topic ]--

I don't want to stop you from doing this.
Good additional proxies would be great.
But better do one proxy right than 10 proxies insecure.
That's what scares me most: you want to do everything.
Next you want to do traffic shaping as well (which is a pain in the ass,
even with the tc tool, but even more by doing rtnetlink yourself...
but the possibilities are great...) next step is then writing the tcp
stack yourself.

In Security, it is most important to have secure and reliable features,
quantity is much less important than quality.

But remember: don't let me discourage you. Especially this discussion is
independent of the Debian packages, I'm not even yet a maintainer
myself.

> "another proxy"?  Please point me to a decent, non-abandoned,
> Free software proxy firewall kit.  I know only of Zorp, and

"Proxy Suite" from SuSE? I think they have released only ftp yet,
though... and the homepage disappeared during the redesign :-(

Then I've seen the "falcon firewall project";
there might be even more.
"Astaro Security Linux" is a Linux distribution with your goals I think.

Ok, none of them is as complete (or aims to be, I think) as yours.

> As to the security aspects, I'd much rather you didn't make
> such implications without at least having a look for yourself.

I'm just afraid of security holes; but that's why I stated this was just
what came into my mind first: I wanted to state that I didn't do so.

> One of my design goals is that it be possible to audit the kit
> merely by reading the source through once.  The code isn't

That does sound great ;)

> Please point me towards an existing, audited, maintained,
> free software ftp gateway.  Or a nice, unified, access-

Just to give a few existing, mostly maintained and quite some audited
proxy servers for different protocols:

ftp-proxy: ftp proxy server from SuSE
jftpgw: ftp proxy / gateway
perdition: pop3 and imap4 proxy server
oops: http caching proxy server
squid: http caching proxy server
tinyproxy: http proxy server
muffin: personal http proxy (like rabbit, wwwoffle, filterproxy, junkbuster)
socks4-server: socks server
tsocks: transparent socks proxy
dante: socks server
smtpd: mail proxy for firewalls
plum: irc proxy
madoka: irc proxy
dircproxy: irc proxy
ezbounce: irc proxy
bnc: irc proxy
pdnsd: dns proxy
pkspxy: pgp public key server proxy
xfwp: X proxy
openh323: internet telephony (can be used for proxying)

> control framework more suited to gateways than tcpd.

xinetd, rlinetd? rinetd?

> Because I don't want a caching http proxy with good
> performance (though the latter would be nice).  I want
> an Obviously Safe To Run http proxy which supports the
> access-control mechanism that I have designed.

I don't know if dhttpd, boa, etc. would fulfill the first requirement,
but the second is actually a "no, I don't want to use other software"?
If your access-control mechanisms are that good, why don't you ask the
others to support them, too?
Even if you are going to write one yourself, this could ease migration
to your suite.

Just my 2¢, and happy hacking.

Greetings,
Erich


