AvANa-BBS / freepto-lb

Encrypted GNU/Linux OS (based on Debian Wheezy) which can be installed on USB flash drive. Freepto is designed for encrypt your communications, carry your documents in secure way and save your anonymity.
http://www.freepto.mx/
44 stars 14 forks source link

Remove compiler from Freepto #143

Closed ghost closed 10 years ago

ghost commented 10 years ago

Currently gcc and build-essential are installed on Freepto, these packages should be removed.

This can decrease the chance of customized trojans, backdoors and rootkits to be compiled and installed.

boyska commented 10 years ago

I don't think this is a security issue (freepto is a really "standard" debian system, so it's very easy for anyone to compile for that system), but is true that we don't need build-essentials.

Any clue on why it is installed (ie: aptitude why build-essential)? I think it is not explicitly asked.

boyska commented 10 years ago

here it is: http://dev.freepto.mx/dev/boyska+143-compiler/140922_11.40_v.1beta1-1-g11aca55-it/

this still installs cpp (required by x11-server-utils, namely xrdb), but most of other dev tools are not present anymore. Simple checks are

dpkg -l | grep -- -dev
dpkg -l | grep build-ess
dpkg -l | grep gcc
ghost commented 10 years ago

cpp should be present due to this bug: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=749646#10

so, probably it will be removed automatically in the future when the dependency will removed in the package.

I will test it

boyska commented 10 years ago

That dependency is not going to be removed: it is expected

ghost commented 10 years ago

oh right, they are talking about x11-apps.

ghost commented 10 years ago

Tested. the patch is working.