On Mon, Nov 16, 2015 at 08:39:24PM -0500, Stephen Gallagher wrote:
- Reduce disk space usage. While disk space on physical devices is
becoming trivially cheap, disk space on Cloud deployments and rented virtual servers is still comparatively very expensive. We really want to minimize the amount of space that we use for Fedora so that users can fit their applications (the stuff they actually care about) into the remaining space without being forced to buy a larger storage allotment.
I want to add to this that smaller image size _also_ means less network traffic and faster deployment time, which I also hear from people as an importand factor.
- Limiting security exposure. Every package on the system is another potential privilege-escalation point. Keeping this number under control means a reduced likelihood of a catastrophic breach. (The actual risk here is impossible to quantify, but it can be assumed that less code == less potential vulnerabilities.
And to this: in the large institutions that I've been a part of, protesting that known vulnerabilities in code that isn't run because the daemon is off, or because there's a firewall, or whatever, gets you nowhere with the compliance people.
- The largest individual package in both deployments is the
glibc-common package. This is primarily due to the 106MiB locale-archive. I'd really like to hear from glibc folks if there is something we can do to break this up into smaller pieces contained in different sub-packages with Suggests: dependencies.
Yes, there's work on this. https://fedoraproject.org/wiki/Changes/Glibc_locale_subpackaging