Date: Wed, 5 Mar 2003 02:14:16 -0800 (PST) From: Doug Barton <DougB@FreeBSD.org> To: Subscriber <subscriber@insignia.com> Cc: "FreeBSD-Current (E-mail)" <freebsd-current@freebsd.org> Subject: Re: Plea for base system trim Message-ID: <20030305015947.M18288@znfgre.tberna.bet> In-Reply-To: <2F03DF3DDE57D411AFF4009027B8C36704129AE6@exchange-uk.isltd.insignia.com> References: <2F03DF3DDE57D411AFF4009027B8C36704129AE6@exchange-uk.isltd.insignia.com>
next in thread | previous in thread | raw e-mail | index | archive | help
On Wed, 5 Mar 2003, Subscriber wrote:
> Would the powers that be please consider removing sendmail,
> bind and openssl from the base system, as was done for perl
> with 5.0?
This topic has been discussed ad nauseum, and the consensus has always
been that those three things (and openssh) should stay in. Please see the
archives for the reasoning. For example, as BIND maintainer I actually
_support_ the theory of removing BIND, however the reality is a little
different. There are three main components of BIND; the named stuff
(sbin/named, sbin/ndc, etc.), the userland stuff (dig, host, etc.), and
the resolver library. Of those three things, we actually need the last two
in order to include ourselves in a useful definition of "Unix system"
(although I'd LOVE to nuke nslookup, if I thought I could ever live down
the whining and crying it would cause). So keeping BIND in the base
actually serves a purpose. Similar arguments can be made for the other
components you listed.
Now that said, I've been working off and on to make it easier to replace
parts of the base with stuff from the ports. Both BIND ports have
PORT_REPLACES_BASE_ Makefile options, and I know that they are useful
because I use them at work. I have a proposal document and some patches
that both need polishing to create a "standard" way to do this. My long
term goal (although this is not necessarily shared by other people in the
project) is to make it easier to create a modular system that takes
advantage of the ports exclusively for contrib code. Of course, we've been
talking about this for 8 years too, so don't hold your breath. :)
> Having just done two rebuilds for recent OpenSSL and sendmail
> vulnerabilities, I was surprised to discover that building the port
> of apache13-modssl required the build of a port version of
> OpenSSL when I had the most updated (4.7) base system with
> OpenSSL in it!.
That sounds like a mistake to me, but I'm not familiar with the details.
Doug
--
This .signature sanitized for your protection
To Unsubscribe: send mail to majordomo@FreeBSD.org
with "unsubscribe freebsd-current" in the body of the message
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20030305015947.M18288>