[CentOS] Advise on RPM vs. Compiling source

Thu Dec 7 17:56:16 UTC 2006
Kevan Benson <kbenson at a-1networks.com>

On Wednesday 06 December 2006 19:18, Feizhou wrote:
> Other than that I do not see any other advantage. Disadvantages to
> either method...none besides the rpm not offering the other features
> available. postfix has not had a security problem since one issue in
> version 1.x which is perhaps not too surprising given that Wietse is
> also the author of tcp_wrappers so you do not need to keep track of
> security holes unlike sendmail.

I'm going to play devil's advocate here and mention that just because the 
postfix package itself hasn't had any security exploit, doesn't mean that 
some of the required libraries it uses haven't allowed it to be exploited in 
the past.  I see that in some cases postfix builds against zlib, and there's 
been exploits based on that in the past.

I'm not trying to say that postfix is insecure, just that saying it IS secure 
and will continue to be so just because it has a good track record doesn't 
exactly promote the best behavior be new administrators that may not be as 
security aware as they should be in this job (I understand your point 
though).  Let's promote more security conscious and paranoid system 
administrators through saying that every process that allows public access be 
strictly audited on a regular basis.  It truly will make the world a better 

- Kevan Benson
- A-1 Networks