On Wed, 31 May 2006 00:40:01 +0200 Daniel Mueller wrote:
On Monday 29 May 2006 22:36, Brett Goulder wrote:
1. move /etc/rc.d/net to iproute2 The consensus here was that we'll move /etc/rc.d/net to iproute2 for 2.3 but keep shipping net-tools
If iproute2 is smaller/simpler/better in some way to ifconfig, then I'm all for it.
It's not smaller and it's not simpler [1]. It is the only tool that takes advantage of recent kernel network features [2].
2. use PAM This has to be investigated, it's a tough balance between features and simplicity; integrating CRUX into certain infrastructures can be rather hard without PAM, and the transition seems painful. We need to evaluate the impact of this before deciding
I think we're better off without it, CRUX is, after all, a distribution following the KISS way of life, so complexity like this seems wrong. I would probably end up modifying half of core/opt/contrib to kill PAM from my system and I think others who enjoy the simplicity of CRUX would probably get annoyed by PAM. I vote that PAM stays out of CRUX.
Why would you get annoyed by PAM? If it is proper configured you won't even notice the difference nor you need to touch it. Only to make that clear: PAM is the de facto standard (ALL major Linux distributions ship it). New directory services/infrastructures requiring authentication utilize PAM (e.g. kerberos, ldap). I don't like this egoistic thinking: "I don't need it -> leave it out!". It's a pain in the ass to configure PAM if it is not pre-installed. People depending on PAM have to modify numerous ports only to get it running ('cause it doesn't work out-of-the-box). Later then, they need to keep an eye of every particular port they have modified (port updates, security flaws etc.).
It's a complex piece of code prone to problems and tends to introduce so much excess that I do NOT use, I figure that most people who just need a simple log in system as I do would also get annoyed. Most applications can optionally disable PAM support with something as simple as a ./configure switch, others can't, but for the most part PAM support is entirely optional in 90% of applications on UNIX-Like/Linux.
[..] I would probably end up modifying half of core/opt/contrib to kill PAM from my system [..]
Just don't touch it. getspent(3) works with and without PAM - you're not forced to access your system's /etc/shadow file through pam(_unix).
I'm a minimalist, I try to keep things as simple as possible, and I wouldn't be able to deal with having excess such as PAM on my system, as it contradicts my commitment to minimalist (one of the major reasons I choose CRUX and stuck with it was that it was minimalist out of the box).
I think we're better off without it, CRUX is, after all, a distribution following the KISS way of life, so complexity like this seems wrong.
CRUX users need to configure their kernels themself, configure their system without GUI editors, have to compile applications themself and you're telling me that PAM is too 'complex'? Or did you mean the CRUX user base is too lazy to read documentation[3]? Let me quote some words I found on CRUX's main page "[..] targeted at experienced Linux users", "The secondary focus is utilization of new Linux features and recent tools and libraries".
Complexity of implementation and design, PAM is both implementation complex AND design complex, it rolls over the concept of KISS like a steamroller. I never said a thing about configuration of the kernel or using GUI editors, I stated that I think the complexity introduced by PAM is wrong.
bye, danm
PS: I kindly ask you to reconfigure your mail client to NOT include the email addresses then answering. In Sylpheed go to
Configuration -> Common Preferences -> Tab: Compose -> Tab: Format
Please replace the %f symbol to %N in the "Reply format" text box and remove From:, To: and CC: completely in the "Forward format" text box. Thanks.
Done.
[1] http://crux.danm.de/files/x86/iproute2/net.rc [2] http://linux-net.osdl.org/index.php/Iproute2 [3] http://www.kernel.org/pub/linux/libs/pam/Linux-PAM-html/ -- Daniel Mueller Berlin, Germany OpenPGP: 1024D/E4F4383A _______________________________________________ crux-devel mailing list crux-devel@lists.crux.nu http://lists.crux.nu/mailman/listinfo/crux-devel
-- ~predatorfreak GnuPG Public key: http://pred.dcaf-security.org/dcafsec-pub-gpgkey.asc