Matthew Burgess wrote:
> With a number of high-profile server compromises recently, I'd much
> rather I was able to ensure the relative security of the server by being
> able to do something like 'yum update' than having to keep abreast of
> software vulnerability announcements/fixes and then manually compiling
> and installing them. With the multiple uses that quantum is put to (I
> understand it has non-LFS related services running on it), I am wary of
> upgrading anything in case I break something for those users. Yes LFS
> folks, you can infer from that that I couldn't care less if I break
> stuff for you :)

There are a couple of issues here. First, having a standard distro such as Debian or Fedora increases the knowledge of an intruder. The locations and contents of files are more consistent than in a custom system like LFS. Just the fact that we don't use modules or initrd is a significant difference from a common commercial distro.

Second, AFAIK, the high visibility break-ins all are related to compromise of local users. On a system like lfs, we really don't have a lot of users so the potential is much less. Only 39 people have ever logged in and there are only 6 people with admin privs.

  -- Bruce
