On Tue, Jun 08, 2004 at 08:41:24 -0500, "Benjamin J. Weiss" <benjamin@xxxxxxxxxx> wrote: > > I can't afford to run RHEL ES at home, and the WS doesn't have all of the > services that I run for myself. I'm not rich, nor am I a corporation. > I'm just a guy who wants to have his little 866MHz PIII Celeron humming > away doing what I need it to. Fedora would be just fine if I could count > on installing it and then being able to leave it for a year or two without > having to worry about whether or not the security patches would dry up. I still run RH6 on machines connected to the net. Most security fixes are for local problems and aren't that big of a deal if you don't have untrusted local users. Generally you really only need to keep a close watch for updates for services (web server, mail server, ssh) and clients exposed to hostile data (web browser, email client) and some libraries (openssl and zlib are the main ones). It isn't too hard to install versions of these from source obtained at the primary sites and keep them up to date. Bugtraq isn't what it used to be, but you can get an idea of which packages need updates at Linux Weekly News.
