Who runs the default vendor package applications for production anyway ?
Posted Mar 29, 2005 19:42 UTC (Tue) by
dps (subscriber, #5725)
In reply to:
Who runs the default vendor package applications for production anyway ? by Spike
Parent article:
Security Innovation's Microsoft/Linux web server security study
I think my network counts as a "professional environment". I mostly run Debian binary packages (woody and a 2.4.x kernel), seriously minimised. I roll my own kernels and frequently compile in everything I need and disable modules. 2.2.x kernels lack iptables, so they are too conservative for my taste.
Tracking the security of everything installed everywhere would require more time than I have to keep the system happy, so apt-get upgrade is worth a lot. This does not mean I would not roll my own fixed version for something serious not covered by a DSA.
The major limitation of Debian, RH, etc. vendor packages is that it is hard to know the coverage of their backported fixes.
BTW, almost all M$ boxen run 100% vendor packages, and only the vendor can provide security fixes. Even if you get the source, AFAIK M$ "shared source" does not allow you to actually fix a problem and use the fixed version.