[CentOS] Advise on RPM vs. Compiling source
Kevan Benson
kbenson at a-1networks.com
Thu Dec 7 17:56:16 UTC 2006
On Wednesday 06 December 2006 19:18, Feizhou wrote:
> Other than that I do not see any other advantage. Disadvantages to
> either method...none besides the rpm not offering the other features
> available. postfix has not had a security problem since one issue in
> version 1.x which is perhaps not too surprising given that Wietse is
> also the author of tcp_wrappers so you do not need to keep track of
> security holes unlike sendmail.
I'm going to play devil's advocate here and mention that just because the
postfix package itself hasn't had any security exploit, doesn't mean that
some of the required libraries it uses haven't allowed it to be exploited in
the past. I see that in some cases postfix builds against zlib, and there's
been exploits based on that in the past.
I'm not trying to say that postfix is insecure, just that saying it IS secure
and will continue to be so just because it has a good track record doesn't
exactly promote the best behavior be new administrators that may not be as
security aware as they should be in this job (I understand your point
though). Let's promote more security conscious and paranoid system
administrators through saying that every process that allows public access be
strictly audited on a regular basis. It truly will make the world a better
place.
--
- Kevan Benson
- A-1 Networks
More information about the CentOS
mailing list