Full Disclosure mailing list archives
Re: Re: a secure base system
From: martin f krafft <madduck () madduck net>
Date: Mon, 15 Mar 2004 22:50:34 +0100
also sprach Tobias Weisserth <tobias () weisserth de> [2004.03.15.2208 +0100]:
Which means that he has to a little bit more work because he can't *rely* on the distributor to supply patches in time. It's a trade-off.
Sure, it's a trade-off. But with the administrative tools provided by Debian, as well as the cleanliness of a Debian system, I'd choose that over OpenBSD anytime. After all, FHS-compliance and system integrity/cleanliness contribute a significant portion to security.
He'll have to stay informed himself if the Debian Security Team doesn't warn in time about critical packages in unstable or testing. Maybe it mustn't be this way and there are regular updates for unstable. But the Debian site itself advises against the use of unstable regarding the security issues.
I use testing on over 100 production systems and have never had a single problem. By the time that security updates make it to security.debian.org for stable, an updated version makes it to unstable. So I mix testing and unstable and only update when really necessary. This has treated me very well.
And concerning workstations: your security better shield a security problem on a workstation.Non comprende? ;-)
If, in a productive setting, you are concerned about remote exploits to your workstation, then you've got a whole different problem. Of course, exploits may still come from inside, but the risk should be relatively low since productive workstations should not be able to inflict any harm.
Though a lot of work if we're talking about workstations here...
Our productive workstations get installed once and stay like that for months. With the appropriate AIDE/Tripwire rulesets, that's not different than a server. -- martin; (greetings from the heart of the sun.) \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@madduck invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver! who's general failure, and why's he reading my disk?
Attachment:
signature.asc
Description: Digital signature
Current thread:
- a secure base system harry (Mar 15)
- Re: a secure base system Jochem Kossen (Mar 15)
- Re: a secure base system Ron DuFresne (Mar 15)
- Re: a secure base system Maikel Verheijen (Mar 15)
- Re: a secure base system Fabrice MARIE (Mar 15)
- RE : a secure base system -> ADAMANTIX Abdelkader ALLAM (Mar 15)
- Re: a secure base system martin f krafft (Mar 15)
- Re: Re: a secure base system Tobias Weisserth (Mar 15)
- Re: Re: a secure base system martin f krafft (Mar 15)
- Re: Re: Re: a secure base system Tobias Weisserth (Mar 15)
- Re: Re: Re: a secure base system martin f krafft (Mar 15)
- RE : a secure base system -> ADAMANTIX Abdelkader ALLAM (Mar 15)
- Re: a secure base system Jochem Kossen (Mar 15)
- Re: a secure base system Alexander Bartolich (Mar 15)
- Re: a secure base system Valdis . Kletnieks (Mar 15)
- Re: a secure base system martin f krafft (Mar 15)
- Re: Re: a secure base system Tobias Weisserth (Mar 15)