Some analysis on the size of the minimal and Server installs of Fedora 23

Matthew Miller mattdm at
Tue Nov 17 23:50:56 UTC 2015

On Mon, Nov 16, 2015 at 08:39:24PM -0500, Stephen Gallagher wrote:
> 1) Reduce disk space usage. While disk space on physical devices is
> becoming trivially cheap, disk space on Cloud deployments and rented
> virtual servers is still comparatively very expensive. We really want
> to minimize the amount of space that we use for Fedora so that users
> can fit their applications (the stuff they actually care about) into
> the remaining space without being forced to buy a larger storage
> allotment.

I want to add to this that smaller image size _also_ means less network
traffic and faster deployment time, which I also hear from people as an
importand factor.

>  * Limiting security exposure. Every package on the system is another
>    potential privilege-escalation point. Keeping this number under
>    control means a reduced likelihood of a catastrophic breach. (The
>    actual risk here is impossible to quantify, but it can be assumed
>    that less code == less potential vulnerabilities.

And to this: in the large institutions that I've been a part of,
protesting that known vulnerabilities in code that isn't run because
the daemon is off, or because there's a firewall, or whatever, gets you
nowhere with the compliance people.

> * The largest individual package in both deployments is the
> glibc-common package. This is primarily due to the 106MiB
> locale-archive. I'd really like to hear from glibc folks if there is
> something we can do to break this up into smaller pieces contained in
> different sub-packages with Suggests: dependencies.

Yes, there's work on this.

Matthew Miller
<mattdm at>
Fedora Project Leader

More information about the server mailing list