On Fri, Feb 28, 2003 at 01:21:41PM -0800, terry white wrote: > given the mindset required to run linux, i tend to avoid depending on > a vendor for security. in addition, i think there's something to be said > for building and installing from source ...
Being employed by a vendor, my opinion is necessarily a little tainted, but I think this is outright a horrible idea. Vendors, RedHat included, are frequently some of the first to learn about security problems, and their packaging process tends to retain security patches that sometimes never get worked into 'upstream' versions of software. (That, and they tend to have reasonable QA proceedures, to test the software before distributing it to the world.) (As for the merits/demerits of individual vendors, that is probably best discussed in the context of their maintainence agreements..) -- Demand voting integrity: http://verify.stanford.edu/evote.html
pgp00000.pgp
Description: PGP signature
