>> We really use TSL's RPMs, it is really useful and easy, but for many >> years we have a local rule that every software which listens a port >> (i.e. accesible for everyone from Internet) should be customizely built >> from sources. Our policy claims that it's more suitable... VTH> Interesting policy! Written by a sysadmin labour union? ;) VTH> Security the reason behind it?
Well, it is rather not security (I trust Trustix), but possibility to configure everything just like we need, and take total control under updates. Since the most critical software on the server is Internet- related (and, selectively, some other daemons), "the rule" affects such software only. Just a way to have really finest and optimal configuration. And, also, there are some differences between what we use and what TSL offers. For example, we still use apache 1.3 and sendmail instead of postfix (not a TSL way, we know, but...). Best regards, Denis Solovyov _______________________________________________ tsl-discuss mailing list [email protected] http://lists.trustix.org/mailman/listinfo/tsl-discuss
