[RFC] Add CrackLib to Chapter 6 LFS

Randy McMurchy LFS-User at mcmurchy.com
Thu Aug 4 21:36:46 PDT 2005


Justin R. Knierim wrote these words on 08/04/05 23:25 CST:

> I was not aware of LFS being so strict.  There are cases where the user is given a choice, for example with regard to System-V or BSD style init (notes in psmisc about a symlink and 7.1 with a link to the BSD init hint).  I don't see a problem with a note being there.  I believe there were earlier links to BLFS for gcc and shadow for additional functions, etc, but it seems they are not there anymore.

There really is no choices given in LFS Chapter 5 or 6, unless you want
to consider the text in the Vim instructions to be a choice. We suggest
a build method. It is up to the reader to follow, or not follow the
suggestions.


> My opinion is -1.  My reason is LFS is about the base system ready to be added to and secured.  If we really wanted to be secure, (stupid examples follow, not meant as suggestions) we wouldn't setup networking and/or would setup iptables with a rule to block all traffic.  If there was simply a link from the LFS shadow page to BLFS cracklib,pam,shadow, then the user can add those packages without needing a recompile.

You are entitled to your opinion, thanks for offering it. Though I
cannot see why you think that by installing *one* simple library, and
the accompanying dictionary, is something that we would not want to
suggest in the default LFS build, seeing how it plugs such a big
security gap in the current LFS build.

-- 
Randy

rmlscsi: [GNU ld version 2.15.94.0.2 20041220] [gcc (GCC) 3.4.3]
[GNU C Library stable release version 2.3.4] [Linux 2.6.10 i686]
23:30:00 up 124 days, 23:03, 2 users, load average: 0.26, 0.17, 0.33



More information about the lfs-dev mailing list