[Gllug] Debian install from a SCSI CD-R drive

rich at annexia.org
Tue Dec 31 09:58:44 UTC 2002


On Mon, Dec 30, 2002 at 05:57:11PM +0000, Pete Ryland wrote:
> BTW, talking of people who don't use packaging systems, does anyone
> concur with the opinion that compiling applications like apache and
> mysql from scratch is more secure than installing from a (signed)
> package?  It just seems to be a popular opinion in London at the moment,
> but I would tend to think the opposite.

There's probably a little bit of security-through-obscurity to
be gained by this. The latest script kiddie exploit is likely
to be written for the vendor-supplied package (i.e. any addresses
in the shell code refer to exact positions in that executable, etc.).
Check the signature on the _source_ packages you're downloading,
of course!

Contrary to popular opinion, I think there's nothing wrong with a
little bit of security-through-obscurity, provided it's used as an
extra layer on top of all existing good security practice.

Rich.

-- 
Richard Jones, Red Hat Inc. (London, UK) http://www.redhat.com/software/ccm
http://www.annexia.org/ Freshmeat projects: http://freshmeat.net/users/rwmj

-- 
Gllug mailing list  -  Gllug at linux.co.uk
http://list.ftech.net/mailman/listinfo/gllug