On 07/19/2014 10:02 AM, Ned Slider wrote: > On 19/07/14 13:25, Chris Pemberton wrote: >> On 07/18/2014 02:19 PM, Ned Slider wrote: >>> I note EPEL has a thunderbird package but it seems very out of date at >>> version 24.5.0. Version 24.6.0 was released 10 June, nearly 6 weeks ago, >>> and fixed 3 critical security issues. Is this normal for EPEL to be so >>> far behind on security updates? >>> >>> So what is everyone else using? >> I'm using the EPEL package for my personal laptop. The odds of me >> getting bit by a 6 week old exploit are probably almost non-existent. >> The odds of me forgetting to keep a custom install of thunderbird >> updated outside of yum is very high. >> > Yes, the power of a centralized packaging system where everything can be > updated in one hit can not be understated. > > Firefox and Thunderbird do have a built in updating mechanism and are > supposed to update themselves (this is disabled in packaged versions). > I've no idea how well it currently works - I'll let you know when the > next update comes out. I am using the tarball for firefox and it notifies me when an update is available and ask if I want to install it. If I say yes it downloads it untars it and starts it up. So far it has worked great. I assume it is the same for thunderbird. >> I'm far from any kind of security expert, but here are two things I do >> to keep my browser/email client safe: >> >> 1. I only use gmail - as Google likes to scrub all of my data clean >> before they steal it >> >> 2. I install a custom hosts file ( http://someonewhocares.org/hosts/ >> ). This protects all applications in one swoop, not just the browser. >> > Yes, great advice. There's another popular variant here: > > http://winhelp2002.mvps.org/hosts.htm > >> I don't use any adblock browser/email plugins because I've never >> investigated where the list of re-directs are stored on the machine. >> Perhaps they are harmless... but it would be easy to place a few >> re-directs in there and get millions of machines to do bad things real fast. >> >> ~ Chris > _______________________________________________ > CentOS mailing list > CentOS at centos.org > http://lists.centos.org/mailman/listinfo/centos > -- Stephen Clark *NetWolves Managed Services, LLC.* Director of Technology Phone: 813-579-3200 Fax: 813-882-0209 Email: steve.clark at netwolves.com http://www.netwolves.com