John R Pierce wrote:
> Joshua Gimer wrote:
>> From a security perspective I am not going to be held waiting for Red
>> Hat to release a new version or patch. I install primary packages
>> from source, this allows ME to decide when I want to install a new
>> version. It also allows me to have more control of the features that
>> I am installing with a package, not the ones that others have decided
>> to be useful.
>>
>> Some people prefer the upstream approach, I personally do not. Just
>> my opinion, this is the advice that I give to even our Junior sys
>> admins. The attackers that actually know what they are doing, know
>> that people wait for patches from the vendor; these are the people
>> that I am worried about receiving attacks from.
>
> Then why are you using RHEL/CentOS at all? Why not a source based
> distro like Gentoo?

I agree. The whole point of RHEL/CentOS is that the system is vetted by
people that know a lot more about the interactions of various pieces of
the puzzle than I do. Almost as importantly, they also track and
implement security patches and generally do so a LOT faster than you
could do so yourself... assuming you had the time, energy and (most
importantly) the skills to monitor the hundreds of mailing lists that
track problems in all the various puzzle pieces. So I don't compile
ANYTHING mission critical from scratch unless I absolutely positively
HAVE to and even then it is only as a last resort.
Cheers,
_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos