[Asterisk-Users] Asterisk 0.7.1 RH 7.3 RPMS Released

Greg Boehnlein damin at nacs.net
Thu Jan 22 17:30:06 MST 2004 

On Thu, 22 Jan 2004, WipeOut wrote:

> >Personal opinion here, but if you are relying on RedHat to be your 
> >security provider, you have no business administering a system connected 
> >to the Internet. Sure, they make it easier, but common sense and a solid 
> >understanding of the applications and code that your system is based on 
> >are a hell of a lot more comforting.
>
> Dude, with all due respect take a look at point 11 on your best practice 
> PDF that you said I should read..

Yes. And if you are planning on using a RedHat 7.3 system, then turn to 
Progeny. If you use something along the lines of Debian, you don't have a 
"vendor" to deal with. Or become your own support mechanism and roll your 
own fixes by keeping up to date.

> I am not saying that I don't agree with your other points, I do, but the 
> fact still remains that the updates from the distro provider are vitaly 
> important to the running of a secure system in addition to the 
> firewalling, stopping of unused services, the removal of packages that 
> are not used and all the other things..

> Also to say that there are more vulnerabilities in the newer systems 
> seems a little odd to me since the newer systems are usually grown from 
> the older systems and generally if there is an exploit in a newer 
> package it is likely to be in the older one as well..

RedHat 8 and 9 add a lot more packages to the mix as well as use newer GCC 
and Glibc. "New" does not equal "More Secure". RedHat 8 and 9 are a pretty 
radical departure from the 7.3 train. Add new code, add new potentials for 
exploits. ;)

> Finally the fact that more exploits are discoverd in a shorter time 
> frame on the newer distro's is probably a testament to the fact that the 
> popularity of linux is spreading and growing almost exponetialy so it 
> stands to reason that more will be created and discoverd in a storter 
> time scale than before..
> 
> Anyway this is undoubtedly a topic that could go on forever with 
> everyone having an opinion, so I guess we can say that we each have out 
> own opinion about it and leave it there..

Yes.. and it's off topic, and just short of a flame war! ;) How about you 
grab the SRPMS that I posted and see if you can install / build them on 
RedHat 9.0 for us? :)

-- 
    Vice President of N2Net, a New Age Consulting Service, Inc. Company
         http://www.n2net.net Where everything clicks into place!
                             KP-216-121-ST

More information about the asterisk-users mailing list