Re: How to get additional packages? How secure is Yum?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Manuel Reimer wrote:
"nate" wrote:
Security is pretty important for me too. For this, and other reasons
I never point yum to 3rd party repositories. I only run CentOS/RHEL
on servers. I run Debian on desktops(due to larger package selection
and still long release cycles for stable). And usually Ubuntu on
laptops(for more current hardware support).

Debian? Didn't they have a *pretty* dangerous hold in their SSL packages just some weeks ago?


Well, that could have happened to anyone. In this case it happened to Debain. All DNS since the beginning of the internet has just been declared totally unsafe on Linux and Windows and Mac too, stuff happens.

Especially if it gets to security, I don't think that Debian is a good solution. AFAIR they also got their servers hacked several times for several different reasons. Not very trustworthy, IMHO. And those political discussions *suck*! For example I want "Firefox" and *not* "Iceweasel".


Any server can be hacked ... Debian is a fine system, as are many others. What CentOS offers is long support lifetimes and a known base that many other enterprise things are desgined to run on because of the upstream provider. We won't engage in cutting down other distros ... ours is what it is and millions of people use it.

If security is a top priority, and you really want to use CentOS/RHEL,
then don't use 3rd party packages, period. Otherwise I suggest you
find a distro that supports the applications you wish to run directly
or maintain them yourself.

I'm searching for a distribution for several *months* now and so far I couldn't find something that fits my needs...

CentOS seems to be pretty well done, but the amount of packages that is delivered with it definetly doesn't fit all needs. Today, I tried to set up a server with CentOS (VMWare server). Worked pretty well, but for installing the NTFS driver, I had to import the rpmforge repository...


CentOS is a direct rebuild of the package versions available from RHEL, that is our main purpose.

We do have some very minimal things is some other repositories called CentOS Extras and CentOSPlus ... but the purpose of those is usually to provide something that is not in the major 3rd party repos. We have no desire to duplicate the 3rd party repos.


And of course security/stability rarely means having the latest version.

Of course.

Am I on the right list? Not very much answers, so far...


There really are not any good answers ... RPMForge (Dag's repo) is a very good resource, but it is not part of CentOS.

There is also EPEL and ATrpms and KBS CentOS extras.

As others have said, if the 3rd party repos do not meet your requirements WRT security updates, then you will have to research and build your own.

Thanks,
Johnny Hughes

Attachment: signature.asc
Description: OpenPGP digital signature

_______________________________________________
CentOS mailing list
CentOS@xxxxxxxxxx
http://lists.centos.org/mailman/listinfo/centos

[Index of Archives]     [CentOS]     [CentOS Announce]     [CentOS Development]     [CentOS ARM Devel]     [CentOS Docs]     [CentOS Virtualization]     [Carrier Grade Linux]     [Linux Media]     [Asterisk]     [DCCP]     [Netdev]     [Xorg]     [Linux USB]
  Powered by Linux