Comment 11 for bug 192258

Can you name some reasons why you believe that nss-mnds and avahi are compromising security? I don't see any, they just help you to make it easier to find and use network services, they do not enable any service themselves. The security implications come with the question whether you actually trust and *use* a service (like DAAP in Rhythmbox, or sshing to foo.local instead of an IP number). nss-mdns and avahi do not, and cannot, change anything in your personal trust relations.

Calling avahi "pernicious and insidious" is unfounded, and to be honest, it's just plain FUD. It might indicate that you misunderstood the purpose of it? Avahi just provides a service catalog, nothing more. Nothing in the desktop depends on it, or even assumes that it provides correct information, and desktop services like DAAP music sharing are not even enbaled by default. We only enable libnss-mnds by default, because it doesn't change any security properties of name resolution.

So I strongly object against dropping avahi and libnss-mdns from the seeds (mind that the entire purpose of *-desktop is to pull in packages, which makes Suggests: totally worthless). Avahi and nss-mdns ease the usage of network services, which is an important thing in a "make it just work" desktop distribution.

However, I do agree that they should be changed from Depends: to Recommends: (like libnss-mdns already), so that you can uninstall them without removing *-desktop. I don't think there is a particular reason for making them strong dependencies, that's more or less just because of historical reasons.