audit is important, however as many people have already mentioned, there are
tools designed specifically for auditing, and if you really want a secure
system, you need to use them anyway. RPM is no substitute.
It basically comes down to this: If Red Hat is as security-conscious as it
claims to be (or at least as security-conscious as some people on this list
claim it is), they would have found a way to include qmail in their OS.
Whether this involved creating a specific set of UIDs to use for qmail (which
Debian does btw), making symlinks, whatever. Spite, in general, is not a good
reason to decrease your security.
Personally, I feel that if in order to get qmail included in Red Hat, it needs
to be dumbed down so that Joey Hacker who just got his first Linux CD can
install it, and if that dumbing down involves adding more code to qmail, then
it's not really worth it. Red Hat stock still has way better security than
Win95, even with Sendmail installed.
If they want to do even better, they should limit the number of services and
SUID root programs that they are installing by default (NFS? imapd?
sendmail? abuse??). People on home boxes generally don't need an MTA anyway,
they can use their ISP's. And people who aren't beginners will be easily able
to install these packages.
--Adam
-----Original Message-----
From: Sam <[EMAIL PROTECTED]>
Cc: [EMAIL PROTECTED] <[EMAIL PROTECTED]>
Date: Wednesday, December 23, 1998 1:02 PM
Subject: Re: Frivolous forking
:On 23 Dec 1998, Scott Ballantyne wrote:
:
:> arrangement. The arguments seem to reduce to people saying that they
:> either can't use RPM to install qmail or they can't use RPM to do
:> security audits, neither of which sound like very strong arguments to
:> me.
:
:That's your viewpoint. For me, the ability to do a security - "integrity"
:would actually be a better word - audit is important.
:
:
: