Re: was [LI] c compiler -> recompile vs Binary distributions



Shanker R Swaminathan proclaimed:
> The foremost reason why you have to have the source is because, for a
> production environment, which you refer to repeatedly, you need to be
> vigilant about bug fixes and security breaches (I certainly hope any
> conscientious admin is). The patches are distributed in source form only. For
> binary patches, move over to Windows! :-) Do you now agree that having the
> source and recompiling with the latest patches is *necessary* for a
> production environment? Any old kernel or daemon or in fact any old package in
> a server is a sucker waiting for an attack to come, as the breaches
> possible are well documented in the various logs, security advisories,
> bugtrack and the announcement lists of the various distros. And the world
> still has a lot of hackers yet! :-)

I tend to disagree.  Purely because of the practical difficulties in
keeping up to date with the bug reports and patches against the various
software on your system.

A minimal production machine would have 50+ software packages
installed.  Let us assume that, of these, 20 packages are prone to crackage.
Assuming that on average 1 bug gets reported against a crackable package
every 6 months, you have to deal with 40 patches and recompiles every
year.  That amounts to about 1 patch / recompile per week.  And it is very
difficult to keep track of what is installed on your system and the latest
vulnerabilities.  If you are a part-time sys admin of a machine, imagine the
time that needs to be spent!

With a distribution, the advantage is that there is a package maintainer who is
vigilant about the vulnerabilities in the software they package.  You, as a
user, let the maintainer worry about the fixes.

This works especially well in the Debian model, where upgrading packages is
as easy as typing 'apt-get update; apt-get upgrade'.

But I do agree with your other point that distros are becoming bloated. 
The solution I found for this was to install the base system and then only
install packages when I needed them.

Thaths
-- 
   "English.  Pfft.  Who needs that?  I'm never going to England."
                      -- Homer J. Simpson
Sudhakar C13n http://people.netscape.com/thaths/ Lead Indentured Slave
--------------------------------------------------------------------
The Linux India Mailing List Archives are now available.  Please search
the archive at http://lists.linux-india.org/ before posting your question
to avoid repetition and save bandwidth.