nagios plugins depend on samba

Bug #728328 reported by rew
This bug affects 2 people
Affects: nagios-plugins (Ubuntu)
Status: Expired
Importance: Low
Assigned to: Unassigned

Bug Description

Binary package hint: nagios-plugins

I have an internet server. I like to keep as little as possible installed. A package as "SAMBA" I simply do NOT want installed on my server. It has no place there.

Now to get nagios to check my disk-free-status, I installed "nagios-plugins". This depends on "samba-common" and samba-common-bin. It stopped short of starting the samba server.

So, to monitor samba stuff, I imagine that having the samba tools installed is required. But for my use this is not necessary at all. This sort of "attitude" causes software bloat. We/ubuntu should be careful in what dependencies to mark as required.

Either split the nagios-plugins package into a nagios-plugins-samba, or remove the dependency. In the latter case, you can make things "neat" by editing the script that requires samba to print a nice: "you need to install samba" if it isn't found.

And YES it is a security issue to have unnecessary software installed on an internet server.

rew (r-e-wolff)
visibility: private → public
Jan Wagner (waja) wrote : Re: [Bug 728328] [NEW] nagios plugins depend on samba

On Thursday 03 March 2011 10:49:54 you wrote:
> *** This bug is a security vulnerability ***

*lol* I can't see a vulnerability by installing samba packages, but anyhow.

> Public security bug reported:
>
> Binary package hint: nagios-plugins
>
> I have an internet server. I like to keep as little as possible
> installed. A package as "SAMBA" I simply do NOT want installed on my
> server. It has no place there.
>
> Now to get nagios to check my disk-free-status, I installed
> "nagios-plugins". This depends on "samba-common" and samba-common-bin. It
> stopped short of starting the samba server.

What about installing just "nagios-plugins-basic"? "nagios-plugins" also
depends[1] on "nagios-plugins-standard", which has (at least) on Ubuntu
a couple of dependencies[2], also on "smbclient".

> So, to monitor samba stuff, I imagine that having the samba tools
> installed is required. But for my use this is not necessary at all. This
> sort of "attitude" causes software bloat. We/ubuntu should be careful in
> what dependencies to mark as required.
>
> Either split the nagios-plugins package into a nagios-plugins-samba, or
> remove the dependency. In the latter case, you can make things "neat" by
> editing the script that requires samba to print a nice: "you need to
> install samba" if it isn't found.

In Debian we have moved a bunch of dependencies to recommends with 1.4.14-2,
which gives you the possibility to get rid of those packages by deinstalling
them or avoiding automatically installing recommended packages. Anyhow ... the
Ubuntu package has these changes reverted for an unknown reason.

Just my 2 cents, Jan.
[1] http://packages.ubuntu.com/natty/nagios-plugins
[2] http://packages.ubuntu.com/natty/nagios-plugins-standard

Jan Wagner (waja)
security vulnerability: yes → no
rew (r-e-wolff) wrote :

Ok. Nagios-plugins-basic indeed already provides check_disk, and doesn't pull in samba.

Dave Walker (davewalker) wrote :

Ubuntu by default installs recommends, but looking at the package the demotion for some packages from Depends to Recommends hasn't been merged. I'm not quite sure why this was, but I am investigating.

If we do add this change, it would enable people to use --no-install-recommends.

Marking incomplete, until the situation is determined.

Changed in nagios-plugins (Ubuntu):
status: New → Incomplete
importance: Undecided → Low
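
An added example (not from the bug report or from the nagios-plugins packaging) of the Depends versus Recommends distinction discussed above: it walks a dependency graph and reports the chain that pulls in an unwanted package, and whether skipping Recommends (what --no-install-recommends does) breaks that chain. The control stanzas are constructed sample data, the smbclient to samba-common edge is an assumption, and the names `parse` and `why` are hypothetical.

```python
import re
from collections import deque

# Constructed sample in Debian control-stanza style. The edges mirror the
# relationships named in this thread; smbclient -> samba-common is assumed.
UBUNTU_STYLE = """\
Package: nagios-plugins
Depends: nagios-plugins-basic, nagios-plugins-standard

Package: nagios-plugins-standard
Depends: nagios-plugins-basic, smbclient

Package: smbclient
Depends: samba-common
"""
# Same graph with smbclient demoted to Recommends (an assumed instance of
# the Depends-to-Recommends change the thread describes).
DEBIAN_STYLE = UBUNTU_STYLE.replace(
    "Depends: nagios-plugins-basic, smbclient",
    "Depends: nagios-plugins-basic\nRecommends: smbclient")

def parse(text):
    """Return {package: [(kind, target), ...]} for Depends/Recommends."""
    graph = {}
    for stanza in text.strip().split("\n\n"):
        fields = dict(line.split(": ", 1) for line in stanza.splitlines())
        edges = []
        for kind in ("Depends", "Recommends"):
            for item in fields.get(kind, "").split(","):
                # Drop version constraints and take the first alternative.
                name = re.sub(r"\(.*?\)", "", item).split("|")[0].strip()
                if name:
                    edges.append((kind, name))
        graph[fields["Package"]] = edges
    return graph

def why(text, root, unwanted, follow_recommends=True):
    """Shortest chain from root to unwanted, or None if it is not pulled in."""
    graph, seen, queue = parse(text), {root}, deque([[root]])
    while queue:
        path = queue.popleft()
        if path[-1] == unwanted:
            return path
        for kind, dep in graph.get(path[-1], []):
            if dep not in seen and (kind == "Depends" or follow_recommends):
                seen.add(dep)
                queue.append(path + [dep])
    return None
```

With hard Depends the chain survives even when Recommends are skipped; after the demotion it only exists when Recommends are followed.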
Launchpad Janitor (janitor) wrote :

[Expired for nagios-plugins (Ubuntu) because there has been no activity for 60 days.]

Changed in nagios-plugins (Ubuntu):
status: Incomplete → Expired