On 07/18/2014 02:19 PM, Ned Slider wrote:
I note EPEL has a thunderbird package but it seems very out of date at version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, and fixed 3 critical security issues. Is this normal for EPEL to be so far behind on security updates?
So what is everyone else using?
I'm using the EPEL package for my personal laptop. The odds of me getting bit by a 6 week old exploit are probably almost non-existent. The odds of me forgetting to keep a custom install of thunderbird updated outside of yum is very high.
I'm far from any kind of security expert, but here are two things I do to keep my browser/email client safe:
1. I only use gmail - as Google likes to scrub all of my data clean before they steal it
2. I install a custom hosts file ( http://someonewhocares.org/hosts/ ). This protects all applications in one swoop, not just the browser.
I don't use any adblock browser/email plugins because I've never investigated where the list of re-directs are stored on the machine. Perhaps they are harmless... but it would be easy to place a few re-directs in there and get millions of machines to do bad things real fast.
~ Chris