On 07/18/2014 02:19 PM, Ned Slider wrote:
> I note EPEL has a thunderbird package but it seems very out of date at
> version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago,
> and fixed 3 critical security issues. Is this normal for EPEL to be so
> far behind on security updates?
>
> So what is everyone else using?
I'm using the EPEL package for my personal laptop. The odds of me
getting bit by a 6 week old exploit are probably almost non-existent.
The odds of me forgetting to keep a custom install of thunderbird
updated outside of yum is very high.
I'm far from any kind of security expert, but here are two things I do
to keep my browser/email client safe:
1. I only use gmail - as Google likes to scrub all of my data clean
before they steal it
2. I install a custom hosts file ( http://someonewhocares.org/hosts/
). This protects all applications in one swoop, not just the browser.
I don't use any adblock browser/email plugins because I've never
investigated where the list of re-directs are stored on the machine.
Perhaps they are harmless... but it would be easy to place a few
re-directs in there and get millions of machines to do bad things real fast.
~ Chris
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos
