[CentOS] Pyhton Install location/building rpm

Johnny Hughes mailing-lists at hughesjr.com
Fri Mar 10 16:10:40 UTC 2006


On Thu, 2006-03-09 at 23:58 +0530, Sanjay Arora wrote:
> On 3/9/06, Karanbir Singh <mail-lists at karan.org> wrote:
> 
> > consider this -> there are a lot of apps that require and are bound to
> > the python version distributed within centos itself. An updated python
> > will almost never make it into any of the centos repositories. if you
> > really really need an updated python, look at the pyvault repo. And
> > remember, you will move a significant number of system components from
> > centos away to pyvault's repo. Your upgrade path and security fix patch
> > for these pkgs and components will also no longer be centos.
> >
> 
> I did not consider this. CentOS was a delibrate choice as it offered a
> tested system. Now, requirement of Plone is getting me to upgrade to
> Python 2.4
> 
> My question is:
> - Pyvault Repo - as the repository is offering the latest Python, the
> focus must be on introducing the latest software, it would become
> vulnerable to untested bugs, just as Fedora would be?
> 

Absolutely, it would be would only be as secure as the people providing
the patches.

> - Regarding Leonel's suggestion of installing a second copy of Python
> into /opt from source & zope/plone into the same...what security risk
> would I be inviting? I don't want to compromise the entire machine, as
> it would be on the web & prone to at least the automated probe based
> attacks, assuming I am not important enuff to be attacked for my own
> sake.

This is the only way I would do it ... you do not want to try to upgrade
python on a RH based distro.  Yum, up2date, rpm, all the system-config-*
packages, etc. would fail to funtino properly unless python 2.3 is
present.

It would still present security problems ... you will need to track and
add all the security updates yourself for this directory.

> 
> - I am currently experimenting with Xen. Would moving the machine to a
> Xen Kernel build & using the standard Centos version for mail & web in
> one dom and the newer python with zope/plone on second, be a better
> security model? I am assuming Xen based kernel won't introduce any new
> vulnerabilities into the Centos...am I correct?

That would be a good idea ... people might still compromise the other
section, but they would not have access to your other install.

> - Or should I get a seperate machine for the Plone CMS altogether,
> though it would be a waste of resources, because both machines will
> have little load for at the very least a year.
> 
> - Can anyone suggest a Distro, that is has latest python but has a
> slower release schedule than Fedora & is solid from the point of view
> of releasing only stable versions of softwares. I want to consider
> this as an option for a seperate Plone machine.

Not that I know of ... Enterprise is Enterprise ... cutting edge is
cutting edge :)

> 
> -OR can anyone suggest a CMS that works with postgreSQL and offers a
> full workflow model like plone & is as versatile. I would not mind
> replacing proposed installation plone & remain with Centos, if I can
> find something as good. I already don't like Plone's half-heated
> support of postgreSQL and its trying to invent its own web-server
> instead of using apache, which is rock-solid.
> 

-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: This is a digitally signed message part
Url : http://lists.centos.org/pipermail/centos/attachments/20060310/b30faaca/attachment.bin


More information about the CentOS mailing list