[RFC] Add CrackLib to Chapter 6 LFS
chris at beaker67.com
Thu Aug 4 17:30:24 PDT 2005
Justin R. Knierim wrote:
> Randy McMurchy wrote:
>> There is no middle ground. LFS recommends a build method. We don't
>> sit on the fence and say, "well, if you really don't want this
>> package, you don't need to install it". This would need to be
>> added into several of the LFS package instructions. Is this what
>> we should do?
> I was not aware of LFS being so strict. There are cases where the user
> is given a choice, for example with regard to System-V or BSD style init
> (notes in psmisc about a symlink and 7.1 with a link to the BSD init
> hint). I don't see a problem with a note being there. I believe there
> were earlier links to BLFS for gcc and shadow for additional functions,
> etc, but it seems they are not there anymore.
> My opinion is -1. My reason is LFS is about the base system ready to be
> added to and secured. If we really wanted to be secure, (stupid
> examples follow, not meant as suggestions) we wouldn't setup networking
> and/or would setup iptables with a rule to block all traffic. If there
> was simply a link from the LFS shadow page to BLFS cracklib,pam,shadow,
> then the user can add those packages without needing a recompile.
> Just my opinion.
I agree. All that's needed is to add a link to that section of BLFS in
the Shadow instructions. Besides, I thought tight security was what HLFS
existed for - the base LFS is mostly just to teach people how to create
a system that works.
More information about the lfs-dev