Re: Frivolous forking

Wed, 23 Dec 1998 13:04:56 -0500 

You've got some interesting reasoning here...

> From:  John Gonzalez/netMDC admin <[EMAIL PROTECTED]>
> Date:  Wed, 23 Dec 1998 10:32:43 -0700 (MST)
>
> 3. BEGINNERS that just want to get up and running AFAP
>       (which, shouldnt be installing mission critical software on an
> open internet system that can potentially affect all of us.)

They're going to do it anyway.  Given this, why shouldn't they be able to run 
as secure of a system as possible?

> 4. This has been proved OVER and OVER again. Redhat systems are not only
> the most hacked systems (that would be obvious, since most distributions
> sold are redhat) but they also have the "less educated" level of users.
> I'd say roughly 90% of all systems hacked are redhat systems. They are
> shipped vulnerable, and the user never knows enough to upgrade their
> systems. They get hacked, their upstream pulls the plug, they
> format/reinstall, and get hacked again, and never figure out what's going
> on.

The entirety of your point 4 follows from the fact that "beginners" are 
installing systems.  They install RedHat because it's easy.  It's easy in 
large part because of RPM.  To insist that everybody who runs anything on the 
Internet read and understand all the source code would be absurd; it's almost 
as absurd to insist that anybody who puts a Unix box on the net know how to 
install qmail on day one.  So, given this, people are going to run some 
version of Unix and they're not going to fully understand what they're doing.  
This version of Unix happens to be RedHat, but if it wasn't RedHat it would be 
something else.

One thing that RPM provides is an easier way to do upgrades.  Wouldn't it be 
better if these "beginners" were automatically notified that there's a 
security update to their mail program and they should push the stupid little 
button that corresponds to an "rpm -U qmail*rpm" than to expect them to build 
the software by hand (and probably forget rcpthosts along the way)?

Chris

-- 
Chris Garrigues                 Deep Eddy Internet Consulting
+1 512 432 4046                 609 Deep Eddy Avenue                    O-
http://www.DeepEddy.Com/~cwg/   Austin, TX  78703-4513

  My email address is an experiment in SPAM elimination.  For an
  explanation of what we're doing, see http://www.DeepEddy.Com/tms.html 

    Nobody ever got fired for buying Microsoft,
      but they could get fired for relying on Microsoft.

PGP signature

Reply via email to