[CentOS] compilers a security risk?

Sat Mar 6 23:02:01 UTC 2010
Dave Stevens <geek at uniserve.com>

I manage a web hosting server that we've recently upgraded, in part so
we could accommodate a domain that will enable community mapping. In a
recent exchange of mails one developer said:


"I could build the package directly on the server machine you have,
provided that the potential security risk posed by having compilers
installed is not an issue."

and another said:

"What sort of security risk is there in having compilers installed on a
working server?

"Obviously we can remove the compilers, however when Mapserver or postgis
get updated, we will need to build new packages somewhere. One option:
create a second VM for mapchat. We'll put the build environment on it,
and only turn it on to make new packages."

I don't have enough experience to assess the security issues. Does
anyone have an opinion on this? It would be simple and feasible to
allocate another domain as suggested above.

Dave


-- 
"It is no measure of health to be well adjusted to a profoundly sick society."
   Krishnamurti