[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index][Old Index]
I tried to build rrdtool the other day because freetype2 (which it depends on)
has a vulnerability and I like fixing my daily insecurity reports.
I became a little bit concerned when "make package" started build various low
level X libraries. My server isn't very quick, and even though I don't build on
my production box, it still wasn't going to be quick. I turned off the X
dependency and started the build again. This time it decided to build FAM.
I'm sure there are reasons why these dependencies are there, but if you tell
someone that we need to have X libraries and FAM installed on a NetBSD web
server in order to publish RRD graphs, they'll tell you that we have reached the
absurdum in reductio ad absurdum. Unfortunately the package dependency tools
haven't been as helpful as I would like. pkgdep doesn't seem to work right now,
and pkgdepgraph works on installed package dependencies. If I can get a package
dependency graph it might help find somewhere to conveniently prune the graph by
switching off a default dependency.
Does anyone else really care? Those of us deploying systems into sensitive
environments certainly value minimised installs rather than the Linux approach
of everything except the stuff you need.
Senior Systems Programmer
Ph: +64 4 890 2437
Main Index |
Thread Index |