On Fri, Oct 05, 2007 at 08:48:25AM +1000, Res wrote:
> 6. use a respected server OS, one that doesn't hack the f#ck out of
> programs like RH(CentOS) do

"Respected" is kind of a funny term here given RHEL sales, but let's let
that slide and look at the premise. One of the key tenets of Fedora is
"upstream, upstream, upstream". Hacking the "f#ck" out of packages is
strongly discouraged.

> 6a. use modern current packages of apache2, php5 and MySQL, Sendmail etc
> from the respective sites, and not by use of RPMs because it's too
> "vendor altered" which is where 90% of the security issues come into
> it.

Do you have any data to back this assertion? I read every security
announcement from Red Hat / Fedora, and it's very rare that an issue is due
to a RH/Fedora change -- and in fact more likely that the issue being
patched isn't normally an issue on default systems due to compile defaults
and extra security features added by the distribution.

--
Matthew Miller mattdm@xxxxxxxxxx <http://mattdm.org/>
Boston University Linux ------> <http://linux.bu.edu/>