Posted Jun 23, 2007 1:10 UTC (Sat) by jmorris42
In reply to: Counting vulnerabilities
Parent article: Counting vulnerabilities
> reminder that we should be aggressively weeding newly installed systems for unused software.
Always sound advice, but becoming harder to do. The minimum RPM transaction to bootstrap RHEL4's packageset is 75. That gets you rpm installed and not much else. Drop in the next 84-package interdependent bundle and you will have vim-minimal available. There are literally hundreds of packages on a typical system that aren't really being used but can't be removed because some other little-used package has a tenuous relationship with them.
Servers with no sound capability that must have alsa-lib because gnome-libs and kdebase ultimately depend on it.
Well, a RHEL4 server certainly doesn't need ogg support, right? If you stick to the recommended GNOME desktop it doesn't, but kdebase does depend on it.
Don't have a Palm(tm) device? Well, you need to keep it installed if you use Evolution.
Or check this dependency trail. On a system running only GNOME, certainly there shouldn't be a need to keep Qt hanging around, right? Wrong. Qt is needed by arts, which is needed by gstreamer-plugins -> gnome-applets -> gnome-media -> nautilus-media -> rhythmbox -> gnome-volume-manager -> gnome-session-manager. So remove Qt and by the time the cascade settles GNOME is toast.
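The removal cascade described in the comment above, as an added example that is not part of the original post: it walks reverse dependencies to list everything that goes when one package is removed, with the chain that pulls each one in. The `REQUIRES` map is a constructed sample transcribed from the comment's trail (plus vim-minimal as an unrelated package), not real RHEL4 metadata, and the function names are hypothetical.

```python
from collections import defaultdict, deque

# Constructed sample: "package -> packages it requires", transcribed from the
# dependency trail in the comment above. Not real RHEL4 repository metadata.
REQUIRES = {
    "qt": [],
    "arts": ["qt"],
    "gstreamer-plugins": ["arts"],
    "gnome-applets": ["gstreamer-plugins"],
    "gnome-media": ["gnome-applets"],
    "nautilus-media": ["gnome-media"],
    "rhythmbox": ["nautilus-media"],
    "gnome-volume-manager": ["rhythmbox"],
    "gnome-session-manager": ["gnome-volume-manager"],
    "vim-minimal": [],
}

def reverse_deps(requires):
    """Invert the map: package -> set of packages that require it."""
    needed_by = defaultdict(set)
    for pkg, deps in requires.items():
        for dep in deps:
            needed_by[dep].add(pkg)
    return needed_by

def removal_cascade(requires, target):
    """Map each package that must be removed along with `target` to the
    dependency chain (starting at `target`) that forces its removal."""
    needed_by = reverse_deps(requires)
    chain = {target: [target]}
    queue = deque([target])
    while queue:  # breadth-first, so each recorded chain is a shortest one
        pkg = queue.popleft()
        for parent in sorted(needed_by.get(pkg, ())):
            if parent not in chain:
                chain[parent] = chain[pkg] + [parent]
                queue.append(parent)
    del chain[target]
    return chain

def removable_alone(requires):
    """Packages nothing else requires: removing one triggers no cascade."""
    needed_by = reverse_deps(requires)
    return sorted(p for p in requires if not needed_by.get(p))

if __name__ == "__main__":
    for pkg, path in removal_cascade(REQUIRES, "qt").items():
        print(f"{pkg}: {' -> '.join(path)}")
    print("no cascade:", removable_alone(REQUIRES))
```

On a live RPM system the same map can be built from `rpm -q --whatrequires` output instead of a hand-written dictionary.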