SLUG Mailing List Archives
Re: [SLUG] upgrading complicated installs
- To: slug@xxxxxxxxxxx
- Subject: Re: [SLUG] upgrading complicated installs
- From: Peter Hardy <peter@xxxxxxxxxxxxxxxxxxxx>
- Date: Mon, 02 Jun 2008 12:44:31 +1000
I've managed to avoid taking part in this thread to date, mostly because
enough people have been beating the "FOR THE LOVE OF GOD USE YOUR
DISTRIBUTION'S PACKAGES" drum. And I'm not entirely sure this even
dignifies a response but hey, why not.
On Mon, 2008-06-02 at 10:06 +0800, jam wrote:
> Clarke 1 notwithstanding
> and as an elderly (damn not distinguished) I proclaim your concern/rant
> unadulterated balderdash
> The one about: if you build your own packages and don't pay attention then
> your linux box will contract plague etc.
> Frankly, no one I know, has ever had, or knows someone who has ever had a
> compromised linux box. Frankly I doubt if all of SLUG ever has ...
> Here compromised means: someone has taken control of the machine and is
> using it for some nepharious purpose eg spam DoS etc
Hi. Six. The majority handed to me by potential/new customers or friends
with servers that have started acting funny, the others resulting from
exploits in both inhouse and third party software. Oh, and one very
memorable case of an extremely weak user password.
All used for assorted nefarious purposes ranging from hosting IRC
servers/bots through to FTP drop boxes and DDoS zombies.
Quite a few of those were the direct result of software installed
outside of the distribution's package management system, and then never
updated, documented, or in some cases even used, again.
I don't have any significant issues with choosing to use software that
isn't provided by your distribution vendor. But packaging it up properly
means you've got an easily reproducible version that you can reinstall
when (*not* if) you want to expand or rebuild a dead box. And tracking
announce/security lists for said software is now completely mandatory,
no matter how much you might cry that these things never happen to you.