On Wed, November 5, 2014 8:31 am, Always Learning wrote: > > On Wed, 2014-11-05 at 06:01 -0600, Jim Perrin wrote: > >> As far as package installation goes, Jake outlined most things quite >> well. What's being ignored is that this depends on the package. These >> packages aren't maintained, so no one is checking them to see if there >> are security issues associated with them. If what you have installed is >> a service or application that is exposed to the outside world, then you >> have the possibility for exploit in the older, unmaintained version. If you are running multi-user machine you better assume that bad guys may be already inside. (Say, stolen password for some account). This means: you shouldn't have any local exploits as well (the ones allowing privilege elevation). And you should have things set up so that local DOS is impossible (e.g. no regular user can run the spool out of file handlers). > > Does that mean the source coding will be "lost" forever ? and if someone > in the future wants that functionality, they will have to re-invent the > 'wheel' ? > It depends on why package is not available anymore. There can be at least one of two reasons: 1. Code developer(s) stopped working/maintaining code for one reason or another. Well written code may still be usable for some half a year or so. Then one will need to find another software with similar functionality 2. Code developing team is still actively working on it, but packaging for some distribution is done by different people who stopped doing it. Then one can uninstall package, and install it from source. No need to stress that one has to subscribe for announcements code team sends (to make sure one doesn't miss important updates). Valeri ++++++++++++++++++++++++++++++++++++++++ Valeri Galtsev Sr System Administrator Department of Astronomy and Astrophysics Kavli Institute for Cosmological Physics University of Chicago Phone: 773-702-4247 ++++++++++++++++++++++++++++++++++++++++