I haven’t got a chance to look into this in depth yet and am wondering if someone might know instantly and have the time to reply.
I don’t like vncserver… on yeah… it’s good… real good… but I just don’t feel comfortable with it from a security standpoint. I found scripts that will load it without anyone knowing and not ever evening showing anywhere in the taskbar
anyways… every RedHat install I’ve done - (3-4 in the past three weeks - just trying to get a server up and deciding what operating system to use) I have delibrately made sure it was unchecked as a program I wanted installed.
two days ago when I decided that doing a fresh install (again) with the fedora6 and letting jamie/joe’s install.sh do it’s thing. I noticed that something needed it as a dependency? what?
I didn’t even look all all the depends needed… I just clicked yes when yum wanted to do them… but I noticed it when the downloads were ticking away.
I did things in this order because it was how I understood what joe was saying about errors. I installed basic server fed6… then I did a yum update - (which took 5-6 on 768k dsl) -/ I think this is when I saw the vnc-server depend being downloaded… then I did the install.sh.
anyways… I entered - rpm -e --test vncserver and it was not a known rpm (I was hoping it would tell me what depended on it) - I then did the same with vnc-server and it did not tell me that it was not installed… so it must be.
It did not tell me that anything required it… it just didn’t complain as if I run the command without the --test option and it’ll remove it without being forced. (I have removed it now). I see now that the package name is vnc-server and so that is why vncserver without the hyphen yielded an error.
fedora6 shows the name of the service as vncserver (by going to System/Adminstration/Server Settings/Services)
I’m telling you that I know that I didn’t have it checked as if I wanted it installed… something said it needed it as a depend and that is what I saw ticking away when I was monitoring the upgrade download… “downloading dependablity vnc-sever” (or some wording very similar).
Any ideas about what would claim or even really need this as a depend? Come-on… what "depends" on you setting up a vnc server that give them complete control of your system? It does not compute except perhaps for malicious intent.
Then too… doing an rpm erase yielded no complaints about depends. so why did redhat fedora6 say it was a depend for the paks I did want… It’s just bugging me.
I don’t like vnc for my web server - I like webmin and now virtualmin. there are too many ways for someone to leave a trail behind if they breakin to webmin but too easy to come and go with vnc.
I never have chose vnc for my server but it looks like it keeps trying to choose me with this redhat.
Get this… browse/install programs, then if you click on network servers - you’ll have to unclick vnc-server as it’s one of the clicked-for-you “optional packages”. I just don’t understand why it’s pushed so much and then supposedly depended on when it was not needed because I easily removed it without having to do a --force.
Am I being too paranoid? If anyone has input I would appreciate it.