[Gllug] just preaching to the converted !
Peter Joanes
pjoanes at hotmail.com
Wed Oct 26 13:54:36 UTC 2005
On Wednesday 26 October 2005 09:05, Martin A. Brooks wrote:
> Your compiled-from-source-firewall is vulnerable to security problems
> that the shipped-with-debian-firewall is not. I'm not saying these
> problems will ever be found or exploited. My point is that _you don't
> know what they are_.
>
> On the other hand my bash binary, which is the same as the bash binary
> which is being used on thousands, if not hundreds of thousands, of other
> systems, has no known security problems.
Bad-admin'ing aside, most of the vulnerabilities that I've seen have been
fixed by changing the source code, as they result from design or programing
errors.
Sometimes it is necessary to disable support for some component in the
compilation, and because I use Gentoo, these options are chosen by the
maintainers.
Overall, I agree with Nix -- From a security standpoint the benefits of not
running the same binaries as everyone else outweigh the benefits of doing so.
- Pete.
--
Gllug mailing list - Gllug at gllug.org.uk
http://lists.gllug.org.uk/mailman/listinfo/gllug
More information about the GLLUG
mailing list