Description of problem: cfme-appliance rpm requires telnet. # rpm -qi --requires cfme-appliance Name : cfme-appliance Version : 5.7.2.1 Release : 1.el7cf Architecture: x86_64 Install Date: Thu 04 May 2017 11:20:12 AM EDT Group : Applications/Internet Size : 274320 License : Unknown Signature : RSA/SHA256, Thu 06 Apr 2017 03:01:36 PM EDT, Key ID 199e2f91fd431d51 Source RPM : cfme-appliance-5.7.2.1-1.el7cf.src.rpm Build Date : Thu 06 Apr 2017 02:51:48 PM EDT Build Host : x86-017.build.eng.bos.redhat.com Relocations : (not relocatable) Packager : Red Hat, Inc. <http://bugzilla.redhat.com/bugzilla> Vendor : Red Hat, Inc. URL : https://github.com/ManageIQ/manageiq-appliance Summary : CloudForms Management Engine appliance configuration Description : CloudForms Management Engine Appliance /bin/bash /bin/env /bin/sh /bin/sh /bin/sh /usr/bin/env adcli c-ares >= 1.7.0 cfme = 5.7.2.1 chrony httpd ipa-admintools >= 3.0.0 ipa-client >= 3.0.0 less lvm2 mod_auth_kerb >= 5.4 mod_auth_mellon mod_authnz_pam >= 0.9.2 mod_intercept_form_submit >= 0.9.7 mod_lookup_identity >= 0.9.2 mod_ssl nmap-ncat oddjob oddjob-mkhomedir openldap-clients openscap realmd rpmlib(BuiltinLuaScripts) <= 4.2.2-1 rpmlib(CompressedFileNames) <= 3.0.4-1 rpmlib(FileDigests) <= 4.6.0-1 rpmlib(PayloadFilesHavePrefix) <= 4.0-1 samba-common scap-security-guide smem sssd >= 1.11.6 sssd-dbus >= 1.11.6 telnet unzip vim-enhanced rpmlib(PayloadIsXz) <= 5.2-1 Version-Release number of selected component (if applicable): cfme 5.7.2.1
vim is a security concern?
I don't think vim is a security concern but why does cfme-appliance package requires all these unnecessary packages, like telnet? Is it a dependency that is required?
As far as I know, there are no application dependencies on these packages. They were added to the build over the years at the request of developers and customers that needed these tools for administration and troubleshooting.
I agree, they should be on the appliance for convienence, but they shouldn;t be listed as dependencies for the cfme-appliance package. This is a build problem and the wrong approach to pull these packages in.
Packages not required to run CFME are moved to cfme-appliance-tools subpackage and will be installed from kickstart independently during VM creation.
Verified in 5.9.0.2
Since the problem described in this bug report should be resolved in a recent advisory, it has been closed with a resolution of ERRATA. For information on the advisory, and where to find the updated files, follow the link below. If the solution does not work for you, open a new bug report. https://access.redhat.com/errata/RHSA-2018:0380