Phishing - Linux boxes are vulnerable
Matthew Miller
mattdm at mattdm.org
Thu Oct 4 23:32:29 UTC 2007
On Fri, Oct 05, 2007 at 08:48:25AM +1000, Res wrote:
> 6. use a respected server OS, one that doesnt hack the f#ck out of
> programs like RH(CentOS) do
"Respected" is kind of a funny term here given RHEL sales, but let's let
that slide and look at the premise. One of the key tenets of Fedora is
"upstream, upstream, upstream". Hacking the "f#ck" out of packages is
strongly discouraged.
> 6a. use modern current packages of apache2, php5 and MySQL,Sendmail etc
> from the respective sites, and not by use of RPM's because its too
> "vendor altered" which is where 90% of the security issues come into
> it.
Do you have any data to back this assertion? I read every security
announcement from Red Hat / Fedora, and it's very rare that an issue is due
to a RH/Fedora change -- and in fact more likely that the issue being
patched isn't normally an issue on default systems due to compile defaults
and extra security features added by the distribution.
--
Matthew Miller mattdm at mattdm.org <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>
More information about the fedora-list
mailing list