[Mageia-dev] installing minimal is not really that minimal

Fri Mar 23 17:47:01 CET 2012

2012/3/23 Thierry Vignaud <thierry.vignaud at gmail.com>:
> On 23 March 2012 17:00, Maarten Vanraes <alien at rmail.be> wrote:
>> thanks for the explanations, i really appreciate this, it seems logical,
>> somehow, except maybe what i'm coming back to:
>>
>> mageia-gfxboot-theme is pulled by installer? how does that work?
>>
>> is this really required? or is this something that's somehow done in the
>> graphic installer?
>>
>> i mean, i didn't select graphic grub, i chose text-grub specifically. and
>> somehow during the choosePackages step, the mageia-gfxboot-theme is
>> automatically selected...
>>
>> this is the packages that's adding via extra dep and suggests, most of the
>> stuff...
>>
>> where can i find the code that is responsible for this, so i can try and fix it?
>
> we preselect it here so that it got installed early:
> http://svnweb.mageia.org/soft/drakx/trunk/perl-install/install/any.pm?revision=3532&view=markup
>
> because else it'll be automatically pulled later, adding a one package (or more)
> wait later:
> http://svnweb.mageia.org/soft/drakx/trunk/perl-install/bootloader.pm?revision=3581&view=markup
>
> just look mageia-gfxboot-theme
>
> Of course, that's OK for 99% of our users but for those manually
> selecting text lilo.
> That's a trade off: enforcing waiting for packages installation after all
> the other package installation so that a couple users can not have
> the bootsplash installed and select lilo or having a couple users
> unhappy
> BWe could not preselect
>
>> about firewall, perhaps it's possible to just include iptables, but set policy
>> on DROP incoming? shorewall seems a bit over the top...
>
> we configure shorewall, not iptables.
>
>> but, if summary isn't completed, you can't boot into it, wrt bootloader? so
>> firewall seems useless for that...? what is the rationale behind this?
>
> In the old days we let poeple choose the security level early then we
> automatically install & set  up the firewall accordingly.
> Later the security choice was moved to the summary and security level
> number was reduced from to 3 (see msec or security::level)
> But since the default security level is 1 ("standard"), we automatically
> install the firewall anyway.
> For years.

Yes and it has bothered me for years.
Why not wait for the summary and install the firewall after the
summary? Is there a security level without firewall? Name it "0" and
add "This is not recommended for a standard installation."

Same with glx-boot and plymouth, etc. Users will get used pretty fast
to a new installation procedure where more packages are installed
after the summary - last time I read this sentence "users will get
used to it" when the move of X to tty1 was discussed - then this
"having to get used to" was no problem. Why should it be one here?

-- 
wobo