On Thu, May 18, 2000 at 11:14:57AM +0200, Mario Galan wrote:
> Until yesterday, I used to think that I had a quite secure
> system, or at least not with well-known bugs, just by upgrading on a
> regular basis the packages that Mandrake had in their updates page. I
> thought that there was somebody at Mandrake reading security lists, and
> things like that in order to have us warned about those threats.
I think there probably is, although I do think Mandrake is sometimes
a bit slow to release the updated packages, and I see other distros
beat them to the punch quite a bit. I read bugtraq and a few other
lists like vuln-dev, since I do not like to rely on vendors to keep
me updated.
> But yesterday I was having a look at www.securityfocus.com and
> I was very surprised when I saw that there are several known security
> holes in our distro that aren't listed in the updates page.
What vulnerabilities are these that you're mentioning here? Could
you give a URL or describe them?
> And in reverse, the situation is very similar, there are things
> known and fixed by Mandrake that aren't listed on securityfocus.
These may be distribution specific problems.
> So, here go my questions:
>
> - What should I do to have a secure system? Well, I know I could be
> reading bugtraq list and security docs all day but I have no time for
> such things.
Well, I don't know the case with you, but since part of my job is to try
my best to keep my systems secure, I do take some time to read the
security lists that are out there, and sometimes hit the websites.
I know some people may not be in the same position, but just learn to
use procmail some more and you'll be OK :)
> - Is Mandrake a secure distribution?
Any *nix distribution is only as secure as you can make it. The closest
you'll ever get to completely secure is to turn the machine off and
walk away ;)
I've been fairly happy with Mandrake's security model so far.. I think it
is an improvement over RedHat, but I think they should borrow some more
from FreeBSD.. hehe.
I also wish that Mandrake had a discussion oriented security list that
we could post to. I'd be more than happy to be reading bugtraq and
forwarding relevant things to the mandrake-security list and others
probably would as well.
--
Jon Changnon, Director of Operations
e: [EMAIL PROTECTED] p: 440.951.9525
http://www.dncc.net