[CentOS] CROSS-LIST Notice: Changes in EPEL

Valeri Galtsev galtsev at kicp.uchicago.edu
Wed Nov 5 15:03:51 UTC 2014


On Wed, November 5, 2014 8:31 am, Always Learning wrote:
>
> On Wed, 2014-11-05 at 06:01 -0600, Jim Perrin wrote:
>
>> As far as package installation goes, Jake outlined most things quite
>> well. What's being ignored is that this depends on the package. These
>> packages aren't maintained, so no one is checking them to see if there
>> are security issues associated with them. If what you have installed is
>> a service or application that is exposed to the outside world, then you
>> have the possibility for exploit in the older, unmaintained version.

If you are running a multi-user machine you had better assume that bad guys may
already be inside. (Say, a stolen password for some account.) This means:
you shouldn't have any local exploits as well (the ones allowing privilege
elevation). And you should have things set up so that local DoS is
impossible (e.g. no regular user can run the spool out of file handlers).

>
> Does that mean the source coding will be "lost" forever ? and if someone
> in the future wants that functionality, they will have to re-invent the
> 'wheel' ?
>

It depends on why the package is not available anymore. There can be at least
one of two reasons:

1. Code developer(s) stopped working on/maintaining the code for one reason or
another. Well-written code may still be usable for some half a year or so.
Then one will need to find other software with similar functionality.

2. The code developing team is still actively working on it, but packaging for
some distribution is done by different people who stopped doing it. Then
one can uninstall the package, and install it from source. No need to stress
that one has to subscribe to the announcements the code team sends (to make sure
one doesn't miss important updates).

Valeri

++++++++++++++++++++++++++++++++++++++++
Valeri Galtsev
Sr System Administrator
Department of Astronomy and Astrophysics
Kavli Institute for Cosmological Physics
University of Chicago
Phone: 773-702-4247
++++++++++++++++++++++++++++++++++++++++
