[RFC] Add CrackLib to Chapter 6 LFS

Chris Staub chris at beaker67.com
Thu Aug 4 17:30:24 PDT 2005


Justin R. Knierim wrote:
> Randy McMurchy wrote:
> 
>> There is no middle ground. LFS recommends a build method. We don't
>> sit on the fence and say, "well, if you really don't want this
>> package, you don't need to install it". This would need to be
>> added into several of the LFS package instructions. Is this what
>> we should do?
>>
> I was not aware of LFS being so strict.  There are cases where the user 
> is given a choice, for example with regard to System-V or BSD style init 
> (notes in psmisc about a symlink and 7.1 with a link to the BSD init 
> hint).  I don't see a problem with a note being there.  I believe there 
> were earlier links to BLFS for gcc and shadow for additional functions, 
> etc, but it seems they are not there anymore.
> 
> My opinion is -1.  My reason is LFS is about the base system ready to be 
> added to and secured.  If we really wanted to be secure, (stupid 
> examples follow, not meant as suggestions) we wouldn't setup networking 
> and/or would setup iptables with a rule to block all traffic.  If there 
> was simply a link from the LFS shadow page to BLFS cracklib,pam,shadow, 
> then the user can add those packages without needing a recompile.
> 
> Just my opinion.
> 
> Justin
> 

I agree. All that's needed is to add a link to that section of BLFS in 
the Shadow instructions. Besides, I thought tight security was what HLFS 
existed for - the base LFS is mostly just to teach people how to create 
a system that works.



More information about the lfs-dev mailing list