RE: Installing Tomcat on Linux

2007-08-06 Thread Nelson, Tracy M.
| From: Vigorito, Nicholas E. [mailto:[EMAIL PROTECTED] | Sent: Thursday, 02 August, 2007 15:49 | | Here are some quotes from this person: | | I would never install open source from binaries on a machine I did not | want someone to break into. Cool, just get a copy of whatever tools he uses to s

Re: Installing Tomcat on Linux

2007-08-03 Thread Mark H. Wood
On Thu, Aug 02, 2007 at 05:51:27PM -0400, Steve Ochani wrote: > LOL, I would ask him if he sits there and examines all the code of > everything that is on his system. Ya know, I don't do that before I install most stuff, but I *do* tend to open the source kit and read it when I want the product to

Re: Installing Tomcat on Linux

2007-08-03 Thread Mark H. Wood
Well, the security argument depends more on "you *could*" than on "you *do*". Somewhere out there is someone crazy enough to comb through any given source kit looking for evil. Would any counterfeiter have the guts to set up his print shop on the sidewalk outside a police station? Much of securi

Re: Installing Tomcat on Linux

2007-08-03 Thread Bruno Harbulot
Hello, Peter Crowther wrote: From: Vigorito, Nicholas E. [mailto:[EMAIL PROTECTED] A coworker claims that all unix admins should never install open source binaries. They should build using the source. Binaries are marginally more open to tampering; this is why most (all?) Apache projects prov

RE: Installing Tomcat on Linux

2007-08-03 Thread Peter Crowther
> From: Vigorito, Nicholas E. [mailto:[EMAIL PROTECTED] > A coworker claims that all unix admins should never install > open source binaries. They should build using the source. Binaries are marginally more open to tampering; this is why most (all?) Apache projects provide checksums of the built

Re: Installing Tomcat on Linux

2007-08-03 Thread Gregor Schneider
Tomcat installing from source doesn't make *any* sense, not even on Linux. Why? Well, Tomcat is written entirely in Java. Therefore, you can download the binaries from the Apache website and check the KEYS (MD5-checksums). If they are ok, you can be sure nobody has tampered with. Building from s

RE: Installing Tomcat on Linux

2007-08-02 Thread Wade Chandler
> > > -Original Message----- > > From: > > > [EMAIL PROTECTED] > > > [mailto:[EMAIL PROTECTED] > > .o rg] On Behalf Of ben short Sent: Thursday, > August 02, 2007 4:44 PM > > To: Tomcat Users List Subject: Re: Installing > Tomcat on Li

Re: Installing Tomcat on Linux

2007-08-02 Thread Wade Chandler
Exactly. Wade --- Hassan Schroeder <[EMAIL PROTECTED]> wrote: > On 8/2/07, Vigorito, Nicholas E. > <[EMAIL PROTECTED]> wrote: > > Here are some quotes from this person: > > > > You are trusting that someone built the binaries > directly from the > > source code without any additional modificatio

RE: Installing Tomcat on Linux

2007-08-02 Thread Wade Chandler
; rg] On Behalf Of ben short > Sent: Thursday, August 02, 2007 4:44 PM > To: Tomcat Users List > Subject: Re: Installing Tomcat on Linux > > I would question his reason for this statement > > A coworker claims that all unix admins should never > install open source

RE: Installing Tomcat on Linux

2007-08-02 Thread Steve Ochani
ECTED] > [mailto:[EMAIL PROTECTED] > .o rg] On Behalf Of ben short Sent: Thursday, August 02, 2007 4:44 PM > To: Tomcat Users List Subject: Re: Installing Tomcat on Linux > > I would question his reason for this statement > > A coworker claims that all unix admins should never

Re: Installing Tomcat on Linux

2007-08-02 Thread Christopher Schultz
-BEGIN PGP SIGNED MESSAGE- Hash: SHA1 Nicholas, Vigorito, Nicholas E. wrote: > You are trusting that someone built the binaries directly from the > source code without any additional modification or back-doors built in. True. But then again, you are trusting commercial companies to do th

Re: Installing Tomcat on Linux

2007-08-02 Thread Hassan Schroeder
On 8/2/07, Vigorito, Nicholas E. <[EMAIL PROTECTED]> wrote: > Here are some quotes from this person: > > You are trusting that someone built the binaries directly from the > source code without any additional modification or back-doors built in. Flip side: you have gone through the *entire source

Re: Installing Tomcat on Linux

2007-08-02 Thread Hassan Schroeder
On 8/2/07, Vigorito, Nicholas E. <[EMAIL PROTECTED]> wrote: > A coworker claims that all unix admins should never install open source > binaries. They should build using the source. > > Looking for a concensus. Is it ok to install the Tomcat binaries or > should I build using the Tomcat source the

RE: Installing Tomcat on Linux

2007-08-02 Thread Vigorito, Nicholas E.
ssage- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] rg] On Behalf Of ben short Sent: Thursday, August 02, 2007 4:44 PM To: Tomcat Users List Subject: Re: Installing Tomcat on Linux I would question his reason for this statement A coworker claims that all unix admins should never install

Re: Installing Tomcat on Linux

2007-08-02 Thread ben short
I would question his reason for this statement A coworker claims that all unix admins should never install open source binaries. They should build using the source. On 8/2/07, Vigorito, Nicholas E. <[EMAIL PROTECTED]> wrote: > I am going to install Tomcat standalone (not fronted by Apache) on

Installing Tomcat on Linux

2007-08-02 Thread Vigorito, Nicholas E.
I am going to install Tomcat standalone (not fronted by Apache) on a Linux box that will eventually be opened up to small portion of the outside world. I am a developer and as such haven't ever done anything with Tomcat except install the binaries on my Windows machine and run it locally for devel