I can't understand exactly what these security updates do? Why is there a need to have a security update?
-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1
thus Ritika Garg spake:
I can't understand exactly what these security updates do? Why is there a need to have a security update?
YMMD.
From: Giles Coochey giles@coochey.net
On Mon, October 11, 2010 13:36, Ritika Garg wrote:
I can't understand exactly what these security updates do? Why is there a need to have a security update?
What is your IP? :-D
Keep this information secret, but I think his IP is 127.0.0.1 ... And there's no firewall!!! ;P
JD
On 10/11/2010 9:17 AM, John Doe wrote:
From: Giles Coocheygiles@coochey.net
On Mon, October 11, 2010 13:36, Ritika Garg wrote:
I can't understand exactly what these security updates do? Why is there a need to have a security update?
What is your IP? :-D
Keep this information secret, but I think his IP is 127.0.0.1 ... And there's no firewall!!! ;P
JD
Too funny JD!
But, not to mention that for most Linux distros, source is available, so finding bugs in theory is easier. This leads to the theory that the code has been more deeply tested (snooped) and repaired leading to a most robust end product.
Secure? Yes, as long as you apply the updates as needed. You can always read about why there is a patch and decide if it is applicable to your situation.
John Hinton
On Tue, Oct 12, 2010 at 06:11:49PM -0400, John Hinton wrote:
Secure? Yes, as long as you apply the updates as needed. You can always read about why there is a patch and decide if it is applicable to your situation.
Somewhat related to this, does anybody know (or have links to) what work, if any, is happening with the yum security plugin? The only information I could find was some posts from Karanbir from last year, basically saying it was a low priority because it'd be a lot of work. (I'd be willing to help if I knew more about what help was needed.)
--keith
Keith Keller wrote on 10/12/2010 06:35 PM:
Somewhat related to this, does anybody know (or have links to) what work, if any, is happening with the yum security plugin? The only information I could find was some posts from Karanbir from last year, basically saying it was a low priority because it'd be a lot of work. (I'd be willing to help if I knew more about what help was needed.)
Getting pretty far OT on an already rambling thread, but if you really want to help then centos-devel is the proper place to volunteer.
Phil
On 11/10/10 11:30 PM, sync wrote:
I have the same problem on it . Isn't the CentOS very safe?
*Sigh*
If you don't update it then it won't remain so. It's like buying a brand new deadlock for the door to your house and then leaving the door wide open when you go out. Chances are that sooner or later your stuff will get stolen and the place will get trashed.
Regards, Ben
Am 11.10.10 14:30, schrieb sync:
I have the same problem on it . Isn't the CentOS very safe?
Okay, I'll bite.
From time to time there are bugs found in the software which CentOS
ships. These bugs can lead your code to crash, your machine to be denied of service as the process which has the bug takes up all system ressources or even can lead to others being able to run code on your system (which some bugs being able to do so as root).
Security updates fix those flaws in the Software which CentOS ships, so you are advised to install those.
Regards,
Ralph
At Mon, 11 Oct 2010 20:30:04 +0800 CentOS mailing list centos@centos.org wrote:
I have the same problem on it . Isn't the CentOS very safe?
If you apply ALL of the security updates as they become available. ALL O/Ss have security updates from time-to-time (what do you think those MS-Windows 'Service Packs' are?).
In the case of CentOS (and Linux in general), the security updates are generally released *before* some cracker writes an exploit, where as with MS-Windows the updates show up like 6 months *after* some cracker has trashed a zillion PCs and recuited them into an army of zombies and incorporated them into a botnet.
The reason for the more timely updates with Linux is that it is open source, and "with enough eyeballs, all bugs are shallow" (I am not totally sure if this is a quote from Eric Raymond or Linus Torvalds). There are *lots and lots* of people looking over the code looking for mistakes (bugs). There are *always* bugs in any non-trivial piece of software -- no non-trivial piece of software is perfectly bug free. Us programmers *try* to write the best code we can, but sometimes stuff slips through the cracks... The operating system itself (the kernel) is a very complex piece of code. Plus there are all of the additional bits and pieces that people use for everyday tasks, many of these pieces of software are fairly complex all on their own.
Also, since Linux is not a monolithic blob (like MS-Windows), much of the everyday software is maintained by a whole batch of different people and each piece of software has a different schedule of update releases, so there are updates (security and otherwise) released at different times. Red Hat / the CentOS team release these updates as soon as they become available (and have been quality tested, etc.).
MIME-Version: 1.0
CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
On Mon, Oct 11, 2010 at 2:30 PM, sync jiannma@gmail.com wrote:
I have the same problem on it . Isn't the CentOS very safe?
CentOS (RHEL 5) is one of the most secure operating systems worldwide.
Best regards,
Morten
-
Ben McGinnes -
Giles Coochey -
John Doe -
John Hinton -
Keith Keller -
Morten P.D. Stevens -
Phil Schaffner -
Ralph Angenendt -
Ritika Garg -
Robert Heller -
sync -
Timo Schoeler