[Asterisk-Users] Asterisk 0.7.1 RH 7.3 RPMS Released

Greg Boehnlein damin at nacs.net
Thu Jan 22 11:48:22 MST 2004 

On Thu, 22 Jan 2004, WipeOut wrote:

> Ken Godee wrote:
> 
> >>> This is great to see.. but why RH7.3 (or RH8 for that matter) since 
> >>> it has already been EOL'ed by RH??
> >>
> >>
> >>
> >> Couple of reasons..
> >>
> >> 1. It is a stable, known quantity that uses solid components and 
> >> closely mirrors the environment that a lot of people develop Asterisk 
> >> on. It isn't going to drastically change, so those wishing to deploy 
> >> it in production may look to RedHat 7.3 as a stable platform for that 
> >> purpose.
> >>
> >
> > I agree, keep up the good work.
> >
> > I personally don't see any reason to upgrade atleast until the
> > 2.6.x kernel is well underway. Maybe that's just me, hell I'm
> > still running a 4.11 Novell server and a SCO Open server that hasn't
> > been touched since y2k upgrades.
> >
> I am guessing your systems are not connected to the internet then.. :)

I am, but I am also intelligent enough to firewall systems and properly 
secure them, no matter what distribution I run.
 
> The problem with running servers based on RH 6.x, 7.x and 8 is that RH 
> is not providing errata (security specifically) updates any more.. If 
> you servers are not connected to the internet then, sure stay with the 
> versions that are working for you, but if you have you server live on 
> the internet for ant reason then this is a big issue..

No it isn't. If you follow best practices for your system, remove all 
unneccessary packages, and properly firewall it, you are at no greater or 
lesser risk than any other version of RedHat.

Take a look at the following:
http://www.nacs.net/~damin/linux-best-practices.pdf

> I realise that many vulnerabilities require local access but I am still 
> not going to take the chance.. I want my servers as safe as possible, 
> and if that means running the latest versions of whatever then thats 
> what I am going to do.. :)

Take a look at the number of exploits that are available for RH 8 and 9, 
and how quickly they are mounting up, and then rethink that statement. 
There are more exploits being targeted at these platforms, in a shorter 
period of time, than 7.3 and the earlier versions.

Personal opinion here, but if you are relying on RedHat to be your 
security provider, you have no business administering a system connected 
to the Internet. Sure, they make it easier, but common sense and a solid 
understanding of the applications and code that your system is based on 
are a hell of a lot more comforting.

-- 
    Vice President of N2Net, a New Age Consulting Service, Inc. Company
         http://www.n2net.net Where everything clicks into place!
                             KP-216-121-ST

More information about the asterisk-users mailing list