Hello,
We are working on Application Whitelisting. For this to work, we need to have
a list of things that we trust. At the moment, that list is well over 400k on
a desktop install. But we really need to get that smaller.
According to the Linux FHS standard, /usr/share is supposed to only contain
data. Executables have other places to live. If we can assume that there is
only data in /usr/share, then we can remove about 330k of the items from our
trust database.
However, I'm finding that on a typical system, there are about 20 packages
that place python byte code in /usr/share. Is it possible to move those
python modules to another location? The packaging guidelines imply, but not
require, that they belong over in /usr/lib64/ somewhere.
Reducing the trust database is important to the application whitelisting
project. Does making /usr/share/ data only sound feasible?
Thanks,
-Steve