On Thu, 22 Jan 2004, WipeOut wrote: > >Personal opinion here, but if you are relying on RedHat to be your > >security provider, you have no business administering a system connected > >to the Internet. Sure, they make it easier, but common sense and a solid > >understanding of the applications and code that your system is based on > >are a hell of a lot more comforting. > > Dude, with all due respect take a look at point 11 on your best practice > PDF that you said I should read..
Yes. And if you are planning on using a RedHat 7.3 system, then turn to Progeny. If you use something along the lines of Debian, you don't have a "vendor" to deal with. Or become your own support mechanism and roll your own fixes by keeping up to date. > I am not saying that I don't agree with your other points, I do, but the > fact still remains that the updates from the distro provider are vitaly > important to the running of a secure system in addition to the > firewalling, stopping of unused services, the removal of packages that > are not used and all the other things.. > Also to say that there are more vulnerabilities in the newer systems > seems a little odd to me since the newer systems are usually grown from > the older systems and generally if there is an exploit in a newer > package it is likely to be in the older one as well.. RedHat 8 and 9 add a lot more packages to the mix as well as use newer GCC and Glibc. "New" does not equal "More Secure". RedHat 8 and 9 are a pretty radical departure from the 7.3 train. Add new code, add new potentials for exploits. ;) > Finally the fact that more exploits are discoverd in a shorter time > frame on the newer distro's is probably a testament to the fact that the > popularity of linux is spreading and growing almost exponetialy so it > stands to reason that more will be created and discoverd in a storter > time scale than before.. > > Anyway this is undoubtedly a topic that could go on forever with > everyone having an opinion, so I guess we can say that we each have out > own opinion about it and leave it there.. Yes.. and it's off topic, and just short of a flame war! ;) How about you grab the SRPMS that I posted and see if you can install / build them on RedHat 9.0 for us? :) -- Vice President of N2Net, a New Age Consulting Service, Inc. Company http://www.n2net.net Where everything clicks into place! KP-216-121-ST _______________________________________________ Asterisk-Users mailing list [EMAIL PROTECTED] http://lists.digium.com/mailman/listinfo/asterisk-users To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users