[CentOS] How to get additional packages? How secure is Yum?
Manuel.Reimer at gmx.de
Mon Jul 21 15:08:57 UTC 2008
I'm coming from Slackware and I'm searching for another distribution to run on my desktop and in near future also on a server.
The *top priority* for me is security!
I've test-installed CentOS on one of my test systems. So far anything went OK. After trying a bit, I would like to ask some questions:
- What is the suggested way to get *secure and trusted* additional packages? I don't want packages packaged by "someone" who doesn't have the required experience and who doesn't do the packaging on a dedicated "build host" which isn't used for anything else than building packages.
I tried the Dag-Repository. Seems to be well done and as Dag is member of the CentOS-Staff, I think his packages are trustworthy. Unfortunately I'm unsure if they are secure. For example there is a Drupal package which is *out of date*! So there should either be an update or the package maybe should be removed at all as it is a security hole! Is there a repository available which only has that much packages as the maintainer is able to keep secure?
- My second question is about:
Yum also seems to affected, so a malicious mirror would be able to downgrade a package on a server where it's suggested to be *upgraded* to a patched version.
When will Yum be fixed and what is the suggested way to get Yum more secure?
Thanks in advance for any answers.
() ascii ribbon campaign - against html mail
/\ - gegen HTML-Mail
answers as html mail will be deleted automatically!
Antworten als HTML-Mail werden automatisch gelöscht!
GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion!
More information about the CentOS