[CentOS] How to get additional packages? How secure is Yum?

nate centos at linuxpowered.net
Mon Jul 21 15:35:06 UTC 2008

Manuel Reimer wrote:
> Hello,
> I'm coming from Slackware and I'm searching for another distribution to run
> on my desktop and in near future also on a server.
> The *top priority* for me is security!
> I've test-installed CentOS on one of my test systems. So far anything went
> OK. After trying a bit, I would like to ask some questions:
> - What is the suggested way to get *secure and trusted* additional packages?
> I don't want packages packaged by "someone" who doesn't have the required
> experience and who doesn't do the packaging on a dedicated "build host"
> which isn't used for anything else than building packages.

Security is pretty important for me too. For this, and other reasons
I never point yum to 3rd party repositories. I only run CentOS/RHEL
on servers. I run Debian on desktops(due to larger package selection
and still long release cycles for stable). And usually Ubuntu on
laptops(for more current hardware support).

With that in mind, the 3rd party packages I get I inspect the version
numbers by hand, and I build the source rpms myself, and install them
via RPM (not via yum). I use a lot of src rpms from Dag's site for
example. There aren't many 3rd party packages that are installed that
are remotely accessible, and my systems have only trusted local users.
Due to this I don't need to update the 3rd party packages very often
(some, such as perl modules I don't even update).

To-date anyways it has provided me with minimal hassle. There is some
extra work up front building packages, depending on the size of
your environment(mine is several hundred systems), the extra work is
well worth it.

If security is a top priority, and you really want to use CentOS/RHEL,
then don't use 3rd party packages, period. Otherwise I suggest you
find a distro that supports the applications you wish to run directly
or maintain them yourself.

And of course security/stability rarely means having the latest version.


More information about the CentOS mailing list