Re: Uninstalling a package removes other essential packages: What is the best course of action?
> No, I don't have the technical knowledge to audit libthai. My point is that
> why pull in non-English dependencies for an English-language
> installation....Doing so may increase the chance of attacks by hackers.
It's pretty hard to know what might be needed and what not.
Even monolingual computer users may very well want to see characters
written in non-latin scripts on their screen. Whether it's math
symbols, emojis, or names of coworkers of Thai origins.
It's also hard to write the code in such a way that you can have support
for Thai scripts and latin scripts but not other scripts.
And of course, the same issue holds for completely different aspects
such as support for hardware devices you'll never use, or support for
file formats you'll never use, or support for specific features of your
programs which you'll never use.
If we could generate an installation image of Debian special-custom-made
to only support the functionality that you will use, and really remove
all the code and data that can be removed without affecting your
experience, I suspect that image would be *significantly* smaller.
And arguably more secure as well, as you point out.
But it's damn hard to do it automatically. And before we can start
doing it, we'd need to know the future (which functionality will you
use). So instead, we have to satisfy ourselves with the very crude
approximation offered by Debian's choice of packages to install :-(
Some distributions offer a bit more control, BTW. I'm thinking of
distributions like OpenWRT, or Gentoo. But what they offer is still
very crude compared to what could be done in theory, with unlimited
programmer-resources.
Stefan
Reply to: