On 2011-05-19 16:33 +0200, Hai-Nam Nguyen wrote:
> If I had a question, it could be "Why has no one hacked
> blog.hanoilug?" With WP 2.5.1, it's so easy to hack into the server.

Feel free to try it! And maybe you'll benefit from it by learning
more about the Debian way to manage security through stability.

Debian _do_ apply security patches, through standard Debian security
updates, but always keeping the _same_ version of the software, based
on the fundamental idea of server stability.

In other words, they do security updates without requiring the
application behavior to change when we don't expect it to change.
(We'll expect it to change when _upgrading_ the system, not on the
 occasion of a single security update.)

This is one of the main reasons that made me definitively switch to
Debian, after having used other distros for years before that.


Another good point with Debian is that web applications are always
packaged with security concerns in mind: you won't find any silly and
dangerous things such as "chown -R www-data" or "chmod 777" except
when strictly required (and even then, they'd almost always use a
dedicated account for that).

P.S.: I intend to do a system upgrade from Lenny to Squeeze this
      summer. I'd love to be able to do it sooner but that's not
      possible for now…
-- 
Jean Christophe ANDRÉ  —  Technical Infrastructure Coordinator
Agence universitaire de la Francophonie (AUF)  —   http://www.auf.org/
✉ : AUF, 21 Lê Thánh Tông, T.T. Hoàn Kiếm, Hà Nội, Việt Nam
℡ : +84 4 38247382  ✦  ℻ : +84 4 38247383  ✦  Mobile: +84 91 3248747
⎧Personal note: please avoid sending me Microsoft Office files,      ⎫
⎩see http://www.gnu.org/philosophy/no-word-attachments               ⎭
_______________________________________________
POST RULES : http://wiki.hanoilug.org/hanoilug:mailing_list_guidelines
_______________________________________________
HanoiLUG mailing lists: http://lists.hanoilug.org/
HanoiLUG wiki: http://wiki.hanoilug.org/
HanoiLUG blog: http://blog.hanoilug.org/
