Hi On 01/23/2017 09:31 AM, Michael Tokarev wrote: > 23.01.2017 10:55, Rob J. Epping wrote: >> Hi, >> >> qemu 1:2.8+dfsg-1 has hit jessie-backorts. >> >> With the fix for bug #839695 my server now wants to install 67 X11/GTK >> related new packages. This is on a headless server where this is just >> more atack surface, i.e. less security. >> >> Would it be possible to make the X11/GTK stuff optional? Maybe by >> creating 2 binary versions for example a -gtk and a -nox version. > > Please see #813658 . > > In brief, being a 20+ years paranoic sysadmin myself, I don't see it > being a security treat. Either we fix all needed X client libs to > not depend on X itself (ie, being split into a headless and headful > part), or we live with this. > > People want features even on a headless server (eg, 3d support via > spice), -- this will bring half of X anyway. So making just display > optional doesn't work.
Let me be the voice of other people who do not need any graphical stuff. For me personally, I only run headless virtual machines on a headless server and do not want to install all the additional libraries. As an example, some people want vim with GTK support and some don't. So there is a bunch of vim packages available. I guess what I want put forward is that I like to have a choice here, similar to vim-nox and vim-gtk. > Thanks, > > /mjt THNX && GRTNX, RobJE
signature.asc
Description: OpenPGP digital signature
