On Mon, Aug 08, 2005 at 08:20:25AM -0700, Kris Benson wrote: > FreeRadius users mailing list <freeradius-users@lists.freeradius.org> on > August 7, 2005 at 11:16 -0800 wrote: > >On Sun, 7 Aug 2005 15:05:50 +0100
> >Install FreeBSD, go to /usr/ports/net/freeradius and simply type make > >install clean > >Voila, all you need including dependiences will be automatically > >installed on your system. > >Or if you wanna go for a BSD wannabe in the Linux world, use Gentoo, > >there you just type emerge freeradius and you get the same result as on > >BSD. > >Dealing with Debian you either get outdated applications or pretty > >unstable system, depending of the Debian branch you may want to use. > >Please keep in mind this is my subjective opinion based on my long time > >experience. > >And BTW, the version you are trying to install is also outdated and with > >known security issues. > Dude! He's trying to install the most recent version: 1.0.4... While I > would agree that FreeBSD is generally a better choice than any Linux > variant, YMMV. > You are right about outdated packages -- the Debian Freeradius package is > v1.0.2... and comes without EAP-TLS and anything that requires it. (This is directed at both the preceeding posters. I just didn't want to type it out twice. ^_^) You may want to do a modicum of research before throwing aspersions. Given that Debian/Sarge predated FreeRADIUS 1.0.4 (and 1.0.3), and the FreeRADIUS 1.0.2 package in Debian/Sarge contains all of the essential security and bug fixes that differentiate it from 1.0.4 [1], I'd hardly call it outdated. _I_ think it's the best 1.0.2-based version available for the time, and it's still serving _me_ quite well. If there were any other security problems, a new version would be put into Debian/sarge, so it's not like it's bitrotting into a security hole. (This is true of Debian/sarge in general.) Debian/sid and Debian/etch obviously contain FreeRADIUS 1.0.4 + whatever fixes will differentiate it from 1.0.5, as appropriate. [2] And the exclusion of EAP/TLS is due to the well documented conflict between the GPL license of rlm_eap_tls and the OpenSSL license, which makes distributing binaries of rlm_eap_tls that link against openssl impossible, legally. And since there are several various sets of instructions on building your own copy of FreeRADIUS for Debian with eap-tls included, I don't feel that not distributing unlicensed binaries is a big loss compared to distributing unlicensed binaries. And I'm not going to even start on people who think the solution to any computer problem is "Blow away what you've got, install my favorite OS, and do things my way". I put time and effort into the Debian FreeRADIUS package, to make it the best it can be. You're welcome to level criticisms at it (Debian has a whole BTS to do that in ^_^) but "the packages sucks and is outdated and has security holes" based entirely on the upstream version number is a little on the wrong side of criticism for me. I'm also gonna resist the temptation to baselessly attack FreeBSD. Any opions I have on FreeBSD have been formed through FreeRADIUS, and as such are well documented on the freeradius-devel list. Certainly the preceeding preceeding poster demonstrated that their long experience may also have been a long time ago, back when Debian was only Stable and Unstable (Circa 1998 I think) and possible hadn't grasped the essential nature of the Debian distributions beyond their names. (Just like the essential nature of the FreeRADIUS version not being grasped beyond the upstream version number.) I think I'm sensing a theme here of judging books by their covers. [1] http://packages.debian.org/changelogs/pool/main/f/freeradius/freeradius_1.0.2-4/changelog [2] http://packages.debian.org/changelogs/pool/main/f/freeradius/freeradius_1.0.4-2/changelog -- Paul "TBBle" Hampson, on an alternate email client. - List info/subscribe/unsubscribe? See http://www.freeradius.org/list/users.html