TCLUG Archive

Re: [TCLUG:23152] Installing Red Hat



On Thu, 26 Oct 2000, Timothy Houck wrote:
> I couldn't help but grimace at your post.  No offense.
> 
> With such a system, I can see a whole new crop of cracker attacks as a
> result of such ever-user-friendly, "plug-and-play"ish packages.  IMHO,
> there is a point at which a system automates itself beyond a safe point --
> trying to be more friendly to inexperienced (lazy? maybe) users.  This is
> the whole reason we have ridiculous things like macro viruses.

Debian actually goes through and prompts you for configuration information
when you install debs that require it (e.g., anything like exim, sendmail,
etc.). And if you decline to configure it, the package will not start up
until you do.

> In contrast, I would encourage the download and compilation of the
> sources.  Aside from what's in the compiler itself, this is total
> control.  As slick as debs or rpms are, I can't help but feel as though
> they're sloppy and a "lazy" method for running (supposedly) trusted
> executables.

Why are they "sloppy" and "lazy"? For 99% of the programs, you end up with
the exact same binary that you would building it on your box. I agree that
you can run into problems (especially with RPM) of not having default
configurations that are insecure, but if you are a competent sysadmin,
only install the packages you need, and configure those packages properly,
you really end up with the same end result.

Also, what about the issue of upgradability? Would you really want to go
around and compile everything on every box you admin? Would you really
want to have a compiler on, let's say, a production server?

I occasionally get stuck doing routine upgrades for a large number of
(Redhat) boxes. Without RPMs, it would be a long and tedious
process. With RPM, I can just scp the RPMs over, and run rpm -Fvh
*.rpm. Of course, most of the RPMs I install are custom-rolled, to
guarantee that configuration will not be overwritten and such.

-- 
Nate Carlson <natecars@real-time.com>   | Phone : (952)943-8700
http://www.real-time.com                | Fax   : (952)943-8500