Not, not at all.

Slackware does a good job with it's package sets. You can install much of what is needed for a desktop without installing the server stuff and so on.


They sure are.

So why toss everything at them, and hope they will want to learn later and remove stuff they don't need, rather than teaching them how the system works and which software does what?

No, it's not to much for a firsttime user, and yes, it would be a better impression.


I think your missing the point. It does not matter that you never use it, having it on there is in itself a greater risk.

Lets say there was a way to get a local shell on Linux, because of an exploit in something you did have installed.

Then, lets say there is a privilege escalation exploit in gv.

Boom, that local shell now has root, because you had unnecessary software installed.

That is not even really an exaggeration. Yes, patching and staying up to date is best practice in both scenarios, but to say having everything installed makes no difference to security is naive.


Just as there is a difference between telling everyone to install everything for the sake of simplicity and teaching them a bit after the fact, or helping them through the first time so they have a more efficient system and learn more along the way.

I can see we differ here, and I don't think much more can be said. I will however, advocate a more minimal install from now on. The many advantages of this approach outweigh the single convenience factor of the full install.

Please put yourself in the position of a first-time user. You don't know what any of the packages actually do, they're just names. Oh, and you have a short one-liner description that doesn't really tell you much.

Sure, but try running MPlayer without installing samba. Poof, strange library not found error that doesn't really make sense unless you know that MPlayer uses samba to run stuff directly from a samba share.

During the install I'm trying decide whether I need groff. Well, it looks kind of important but I don't really do much writing kind of stuff. So I leave it off. Oops, I can't use man pages.

No, the first impression is "I want to watch a video. I need to run mplayer. MPlayer is broken. Bye-bye". It's already a pretty decent leap to start using a Slackware system and adopting the Slackware philosophy. Making it worse *does* *not* *help*.

So your solution to throwing them to piranhas is to hand-hold them through it. Good Job.

If you're on a true multi-user system, then you *must* have everything, because that's what's expected by your users. It's not nice to have to install important stuff in your home dir because the sysadmins thought they were being clever.

It's also naive to think that not having an app installed wins you any significant extra security if you're already doing things right. First, what are you doing running services unless you actually need them? If you have a local shell on a system with gcc (which is pretty much required for Slack), you can write something with whatever vulnerability you like. Vulnerabilities in SUID binaries do matter here since you can't imbue that without already having privileges and exploiting one is an instant privilege escalation, but the few SUID binaries that actually do exist are generally from critical a/ packages and you can't avoid them.

I advocate minimal installs myself, *but only after someone has gained enough experience to not shoot themselves in the foot too often*.

One example would be a site such as Slackbuilds.org.

It's MUCH easier (I imagine) to say up front "all scripts assume a full install of Slackware". That way if someone has a problem with a build, you can count on a common starting point when troubleshooting.

Hi,

I think a lot of the posters in this thread have missed the point;

There's more but the above 'Announcement' does meet my descriptions of Slackware. The Slackware Team has said a lot in the above. I especially like the underlined text. Says it all!

You guys can take your analogies and beat them into any form you want but they all come out the same whenever you consume that damn burger. If you don't like Slackware as it's setup then contact PV & team. I'm sure they will accept constructive criticism but for something like this threads content I'm sure they will tell you where you can put it.

Guys, Slackware is a world distribution not just a niche. As advanced users you should know how to trim or correct the install to suit your needs. Slackware is never going to be a hold your hand nor real time type distribution. Thankfully so!

I'm not trashing or flame baiting but the above statement does bother me a bit. Note the underlined text. Now I can just see someone stating that 'If Slackware released in this way';

If you want a hold your hand system then I suggest then a '*buntu' type distribution will be for you to have since updates, variety of software are just a few clicks away.

Make Slackware an easy to use system. What sort of blasphemy is this :P
I actually started out using Slackware tho I will admit I have deep love for LFS now and a side interest in gentoo.

Hi,

Slackware is easy once you get to know your way around.

The descriptions are actually quite informative. Even so, you seem to have missed my point about package sets, and you keep arguing from the perspective of individual packages. Why? Why would a new user choose expert mode?

Well, yes, that was a poor design decision.

In which case, Xine will work, or users can ask for help and learn what a dependency is, or learn about alternative software, or learn about Slackbuilds so samba is not required just to watch a movie on your desktop...

Educating is always the better option IMO

If you install a package set, you won't have this issue.

Even if you do, it is easy to ask and install and learn from your mistake.


It's not making it worse. Those kinds of users, in truth, are probably not best suited for slackware.

Your approach is to hold hands and babysit, while leaving a heap of unneccesary software on their machine. Hmm.


A bit melodramatic aren't you? Pirahans? Did you really find installing by choosing package sets that difficult?

My approach is not handholding, but education and help. As opposed to your approach which is install everything for the sake of simplicity. In which case, why not advocate any other number of distros in it's place, if simplicity is what is important?


What absolute rubbish. Have you ever admined a system or network?

Even if you have, what has that got to do with desktop systems, which is what we were discussing.

That doesn't even make sense. At least in the context of this conversation,

1st of all, I work as a security consultant, professionally.

2nd, you clear don't understand best practices, or the conept or attack surface area.

What has that got to do with anything?

A better point might be, what are you doing with software installed, 90% of which you never use?

Again, what has that got to do with anything?

I could install an insecure version of sendmail if I wanted to...so what?

The fact that people can introduce vulnerabilities into a system has nothing to do with the point I made, at all.


Yet you keep advocating a full install, with no good reasons to justify it. The more I read your arguments, the more I am convinced it is simply irresponsible to advocate a full install.

This thread never had anything to do with how slack is setup, but rather why people advocate a full install when it is simply unnecessary.

In Slackware-HOWTO available at the root of any Slackware tree, Patrick Volkerding recommend to *beginners* to take the "full" install option, as easier for them. Still, if in addition he proposes the "newbie", "menu", "expert", "custom" and "tagpath" options as well that should be for a reason...

... And the reason is: Pat lets you choice for yourself what should be included in your system and tries hard to make your choice easy.

This is one of the many reasons I prefer Slackware over other distributions I have tried.

I've said this before: I always do a full install. Why? Because I'm interested in all aspects/branches/whatever of computing. Today I might want to do some programming (or learn how to, anyway). And I've got the compilers and interpreters here, ready at hand, to do it. No having to trawl through Synaptic. No getting tripped up because I've only got libwhatever and not libwhatever-dev. Tomorrow, I might want to try setting up a web-server, got Apache, MySQL, PHP. Do I want to try a minimal, expert-mode, install: got VirtualBox - stick one in there. Three quick examples of why Slackware, and a full installation of it, suits me just fine. YMMV, but frankly, I don't give a damn.

So for you guys who don't do a full install, which installation method (newbie, menu, expert, custom, tagpath) do you use?
Do you go through the entire package list to select what you want? Or do you just select the package series (A, AP, X, XAP, etc) that you want?

Agreed. Running -current with KDE 4.3.3 atm and loving it!

Once I figured out the bare minimal (yet easily upgradeable) set of packages, I use tagpath every time I setup a new slackware PC.

Tagpath is a very powerful option that I have the impression few people use
It would be a more "mainstream" option if the slackware team included some tag files in the official release (ie: dedicated file server, dedicated LAMP server, etc...).
Tag files don't realty take much space in the dvd, so it would be nice to have some in there.

Hi,

Yes, the argument is about the setup and how it is presented to others. These recommendations are not just mine but from the Slackware team. You don't look at this in a holistic sense but from your perspective. There are multiple types of Slackware users and the Distribution attempts to handle all. It is recommended that a new user do a full install initially. If a user that is not familiar with the distribution and attempts a menu driven install then the system will likely be broken. If you would recommend to a new user to do a 'Menu driven' install with the necessary allocation of packages to be selected to get a working system then that's OK by me. But it's easier to say 'Select Full Install' for now. Then we'll talk about the trimming after you become acquainted with your new working system.

Of course you could provide a 'tag' file and hopefully you have not excluded something that the new user may need. Wake up Josh, this is a Distribution that will continue in the fashion it has been presented over the years. It will continue, it's stable & as long as PV is the maintainer the way it is presented to the public will remain. Your paddling upriver!

I've noticed several things that could be tweaked or changed to suit my installs but I continue to do it my way for my systems. I'm not saying it's wrong to present your ideas but for simple things like a install for a newbie then the answer is a 'Full Install'.

This argument is getting old. If you don't like it then contact PV & team with your suggestions along with supporting arguments & data.

No, it's not.

Nothing to do with that at all.

It's about advocating a full install vs a minimal install, or installing from package sets.

Nothing to do with slack officially, or the dev team.

menu/expert and full are not the only options. There is a very intuitive and simple middle ground, package sets, which has the advantages of the full install, and none of the disadvantages.

As I said earlier, nothing at all to do with PV and team.

Agree the argument is old though. I'm just surprised so many people advocate it.

Hi,

Semantics.

Yes, it does have something to with the core of how Slackware is recommended to be installed. Read the docs!

We as helpers here do feel that to follow the recommendations by the Slackware team is the means to have continuity. We do adjust or advise relative to the current issue that someone may have but the core information is solid.

I'll say this again, you are not looking at this in a world view nor a newbies' view. In order to get a working system it is best to do a full install. If you have a better option then present it. Most new users are not aware of the system functionality to begin with let alone knowing what a 'tag' file is or what is dependent on another package for dependency, possibly a lib or whatever. It's best to install a full system to have a known working base. Then approach from there.

Your simplistic view for alternatives for all is just not there. Newbies have a rough time as it is and you want or expect middle ground. Go for it. As I said, get involved as a helper here on LQ and you will soon find out what I'm speaking about. Sure, you will find the exception but most need help in a simple form. Add to that communication, society or age barriers and you soon have more issues.

Present these same suggestion to the Slackware team and see where it goes. You would not be surprised if you actively worked with newbies all the time. In fact you would soon realize the reasoning behind the recommendations.

This was quoted from Josh to tuxdev in post #37 I'll respond from my perspective since this issue does over lap;
Experienced users have a totally different approach to system setups. I for one would not recommend my methods to anyone as I do things different and based on MY needs not theirs. Sure, some people get to the end via a different path on most things by utilizing a variety of tools. As an example I only burn my ISO when dictated. I prefer NFS installs but there are times it is easier to have cd/dvd/USB media install methodology. But that technique would not be a recommended style to someone who did not know the distribution nor alternative install methods let alone how or what should be selected when 'setup' is started.

Enough Said by me on this subject as I could be helping someone who needs my time.