[Dev] [consensus][due: 2016-08-10] increasing security in Parabola, servers

pelzflorian (Florian Pelz) pelzflorian at pelzflorian.de
Mon Aug 8 11:52:00 GMT 2016

On 08/08/2016 12:41 PM, hellekin wrote:
> On 08/04/2016 07:35 AM, pelzflorian (Florian Pelz) wrote:
>> Again, I don’t think it matters for a server, but since Luke has reasons not to want
>> NetworkManager, we can simply use systemd-networkd or even a shell script.
> IMO it does: putting unneeded dependencies on a server augments its
> attack surface. Putting X11 dependencies on a server is calling for the
> server to be compromised. YMMV.

`pactree networkmanager` does not show anything X11 for me. Even if it
did you would not need to actually run X11. Also I don’t think it is
that dangerous to remote-administer your server via X11 + SSH-tunneled
VNC (but again, it’s not necessary).

However, since we are talking about Parabola’s main servers, an excess
of caution may be appropriate. The consensus seems to be not to use
NetworkManager and I agree.

More information about the Dev mailing list