releases and stuff

Archaic archaic at
Tue Nov 9 07:55:21 PST 2004

On Tue, Nov 09, 2004 at 03:04:24PM +0000, Bennett Todd wrote:
> And, as we've been discussing, it's appealing doing the entire
> build as a non-priv user.

As I was trying to point out, that can be done entirely without a
destdir. I've been using the more_control hint for at least 2 years.
Either way, if the book goes the route of non-root installs (which
sounds, in theory, like a very good idea), there will be *loads* of
extra text dealing with specific little package niggles.

> Another advantage of software packaging, that might be worth
> considering, is that the tooling automation it provides can help in
> tracking and incorporating updates to upstream versions --- such as
> security fixes.

But eventually we have to get to the following questions;

What do we use for a package manager?

Is this book primarily for building a hardened server, or teaching how
to build a hardened server? (or where on the scale should we be?)

What role do we take in teaching good admin *practices* versus teaching
how to admin a box?

> It can also make it easier to partition work, maintaining individual
> packages, perhaps by different people.

Yes, but multiple admins is a highly debatable, highly personal, and
highly advanced topic. I know you are using it in context of supporting
evidence, but I just wanted to throw out there for everyone that that is
not something we should use as a means of justifying package management.
It should be for us (i.e. the writers and readers)  merely a possible
enhancement gained by using package management.

There should be no doubt as to the validity of package management in a
secure environment. To me, that seems as elementary as the concept of
building a new (or updated) package on the devel box and *testing* it
before moving it to the real server.

One point I must make is that I try as much as possible to remove my own
feelings and preferences from the decision making process because I
don't by any stretch of imagination have a lock on the best way to do
things. I'm seeking what is best for the book. I appreciate the fact
that you do the same as well as conjuring up thought provoking questions
that will lead us to a more balanced view of the overall design.


Never could an increase of comfort or security be a sufficient good to
be bought at the price of liberty.

- Hillaire Belloc

More information about the hlfs-dev mailing list