On Fri, 2003-08-15 at 11:20, Duane Morin wrote:
> On Fri, 15 Aug 2003 dsr at tao.merseine.nu wrote:
> > Counterargument: Red Hat and Debian, among others, provide single-source
> > fixes.
>
> Is this valid in general, so for instance if the user was handed a CD with
> Knoppix or Gentoo on it would they still have a single-source of fixes
> available to them? Or is it strictly for the big distributions?
>
> > Counterargument: 100 small holes vs 1 or 2 large ones? You haven't been
> > reading Bugtraq.
>
> Should I be? Or will I be inundated? I'm no sysadmin, just a user (and
> occasional writer). I don't know what your statement means. Just to
> clarify my own terminology by "large" hole I was thinking "Of the sort
> that makes the evening news."

Hi Duane,

"dsr" has some very good points but perhaps they could use some explanation for those not familiar with Bugtraq.

Back a few years ago, standard Linux distros such as Red Hat were not terribly secure. They tended to turn on lots of services by default and then required "by hand" admin attention both for the initial setup and over time as new holes were found.

These days, the Linux situation has changed in two big ways:

1) By default, most current Linux distributions are quite secure. Even inexperienced users are able to set up remarkably secure systems due to the "off-or-disabled-by-default" nature of most services. And the default firewalls shipped with major distros are quite capable.

2) Essentially all updates can be automated so that they require little or no manual attention by trained admins. Major distros such as Red Hat now include automated update services (e.g. Red Hat's "up2date") that will, on a regular (often nightly) basis, download and apply security fixes.

Security pros will often be heard repeating the famous "security is not a destination but a process" idea. Since bugs and holes will continue to be discovered in all products (including those from Microsoft and from the Free/Open-Source worlds) the automated updates approach of the major Linux vendors is certainly a good idea.

Ed

--
Edward H. Hill III, PhD
office: MIT Dept. of EAPS; Room 54-1424; 77 Massachusetts Ave.
        Cambridge, MA 02139-4307
email: eh3 at mit.edu, ed at eh3.com
URL: http://web.mit.edu/eh3/
phone: 617-253-0098
fax: 617-253-4464