[Pkg-libvirt-maintainers] Bug#883020: Debian Bug Report: libguestfs0 should not depend on btrfs-progs

[Hilko Bengen]

* H.-Dirk Schmitt:

> Am Dienstag, den 28.11.2017, 23:13 +0100 schrieb Hilko Bengen:
>
>     libguestfs is designed to handle disk images of virtual machines and it
>     makes sense to include at least support for common filesystems. You and
>     I may not particularly like the filesystem, but btrfs is one of the more
>     commonly used filesystems.
>
> See e.g. https://btrfs.wiki.kernel.org/index.php/Main%5FPage
> „Not too many companies have said that they are using Btrfs in production…“

To back up my claim: Default installations of SuSE Enterprise Linux (or
whatever it is called these days) are based upon BTRFS.

>     I'm not sure I follow: Do you mean that some sort of policy
>     forbids/prevents installation of anything btrfs-related?
>
> **YES**
> I'm maintaining an mid-size installation. For these systems
> 'btrfs-tools' is explicitly removed:
> - not used, because I rely on ext4 and mdraid
> - limiting the installed packages is improving the security (reducing
>   surface)
> - it has had introduced a boot delay (at this time trusty was used,
>   not retested actually).

If you really wish to reduce the attack surface imposed by a filesystem
implementation, you'll want to get rid of the kernel component, i.e.
you'll ship custom kernels or use module blacklisting. This means that
you are already working with distribution tools and I suggest using
equivs or similar to provide a dummy btrfs-progs package.

Cheers,
-Hilko