[CentOS] Re: crypto, readline and zlib libraries - Postgres install

Tue Mar 4 16:57:34 UTC 2008
Les Mikesell <lesmikesell at gmail.com>

Scott Silva wrote:
>>>
>> ("User" installations on FreeBSD  gets you standard development 
>> libraires and the C compiler.  I am beginning to understand that 
>> CentOS looks at this more like Windows - the "base load" is in fact 
>> just a runtime with NOTHING development-related in it....)
>>
> But it isn't always prudent to have a full development environment on a 
> "server". The safe bet is to have a devel box as far as it can be from 
> the internet, and servers only have what they need to function. If a 
> server is compromised, no devel means it is at least slightly more 
> difficult to compromise the system. The more on a server, the more 
> "potential" security holes that might sneak in.

Better yet, find the yum repository where binaries are already built and 
maintained and set up the server so all it needs to do is 'yum update' 
to keep those holes fixed.  And in the unlikely event that you need 
something no one else has built, set up your own yum repository between 
your development and production servers.

-- 
   Les Mikesell
     lesmikesell at gmail.com