On Saturday 14 May 2005 11:58, Ira Abramov wrote: > Quoting Shlomi Fish, from the post of Thu, 12 May: > > When can we upgrade to Sarge? It seems to be frozen right now, and I sure > > could use the newer software. > > I upgraded my servers to Sarge the day they added it to the security > team's agenda. everything was honky-dory until the point my server was > hacked into 3 days ago and 3 different rootkits were detected. > > I'm not sure the problem was a hole in one of the packages or if it was > one of a badly configured crowd of dynamic sites, but take it into > consideration...
OK. I will. Are there any known holes in one of Sarge's packages? > > > 1. Install enough software to be able to use dh-perl-make: > > > > http://perl.org.il/pipermail/perl/2003-December/003663.html > > > > I'll need make and stuff. I'd rather not contaminate the perl directories > > with modules I install using perl -MCPAN. And not all Perl modules are > > available in the Debian pool. > > and why would you need that on the server? part of the idea of keeping > maintainence on it is installing only stuff that is > a. essential > b. somes in a regularly updated, security backed debian packege. > I'm having to maintain some web applets written in Perl on eskimo. These in turn require some Perl CPAN modules, some of which are not available in the Debian pool. I'd prefer to turn the CPAN module into a .deb along with all of its dependencies, than to use perl -MCPAN -e shell to install them in the Perl directories and /usr/bin/ ones. I could try setting up a Debian installation at home (I have Kubuntu on a separate partition if it helps), and compile it there and then upload it to the server and install it as root from dpkg. > > 2. I'd like to convert the mailing lists from ezmlm to something like > > Siesta: > > > > http://www.perl.com/pub/a/2004/02/05/siesta.html > > > > ezmlm works only on qmail, and moving a mailing list to a different > > prefix or domain is practically an impossible task. > > it's a matter of editing 3 or 4 files. the impossible task is telling > everybody that their list has moved to a different domain and the > subscription mechanism has changed too. what happened to the good old > "don't touch what works, 'cause what you touch won't work"? > ezmlm has many issues: 1. It only works on qmail, and so limits our choice of mailing list managers in the future. 2. It hard-codes the mailing list prefix and domain name in a gazillion different places, and makes them impossible to change. I'd like to set up Siesta or whatever there, use it for new mailing lists, and gradually convert the mailing lists to it one by one. > > 3. After, the conversion to Siesta or whatever is done, I'd like to ditch > > qmail for postfix. qmail is not too bad, but its license is very > > problematic, and not being free software, makes us look really bad. > > postfix is also nice. > > please show refferences to "us looking bad" please? > There were several discussions about it. > was your car egged? > was somebody insulted publicly or privately? > was the machine cracked and defaced to say "qmail lovers" on the site? > Did the government ignore our requsts again because of that? > Did the police frame you for growing pot because you run Qmail? > > > For other anti-qmail discussion see: > > > > http://perl.org.il/pipermail/perl/2004-October/005989.html > > > > http://discuss.joelonsoftware.com/default.asp?joel.3.72853.10 > > yeah yeah... It's not perfect. Nobody is. Your inflated list of spun > reasons can be refuted one by one, if it was the main point... > Maybe it can. Yuval tried and failed. So did the JoS guys most of whom happened to agree with me. Please don't, I have better things to do with my time. > however: > > A. it's already running on Eskimo Right. > B. it has no security problem records for almost a decade There was an integer overflow bug in it reported on LWN.net. Could crash it. However, it is no longer maintained, and if one security problem will be discovered, you can expect all hell to break lose. > C. people are used to it just being there. working the way it does. > That would be me, Tzafrir and Shachar. I know qmail more than I do postfix, but wouldn't mind learning postfix. (I've already used it for my own personal machine at home, and it works beautifully). I think Tzafrir knows postfix, and as for Shachar - he should voice his opinion now. Originally it was you who installed qmail on eskimo, but now you no longer doing any admin work there as far as I'm aware. > I guess you must really be bored. If you manage to do this while having > fun, hurting no people or activities on the way, and keep the same > levels of web and CLI control as now, then go right ahead. Somehow I > can't see the point, but then again, sysadministration hasn't been "fun" > for me in years. you're lucky in that respect I guess. I'm not entirely fond of sys admining, but I guess it's OK. And the "thank you"'s are receive once I resolve the problem, are food to the soul. Regards, Shlomi Fish --------------------------------------------------------------------- Shlomi Fish [EMAIL PROTECTED] Homepage: http://www.shlomifish.org/ Tcl is LISP on drugs. Using strings instead of S-expressions for closures is Evil with one of those gigantic E's you can find at the beginning of paragraphs.
