[CLUE-Tech] RE: CLUE-Tech digest, Vol 1 #1214 - 6 msgs

Mike Staver staver at fimble.com
Mon Oct 13 13:38:08 MDT 2003


Yeah, I used to build my own binaries for things like apache, etc.... 
however this got very old very fast when exploits were found so quickly. 
Also, to me this defeats the whole point of a distribution in the 
first place - the ability to get updated packages when needed.  The 
version I listed actually isn't the true 2.0.40 version that you're 
thinking of, it's actually a Red Hat specific backport, where the 
security fixes were put into the older version. I don't understand why 
they do this, but that's how Red Hat works.

https://rhn.redhat.com/errata/RHSA-2003-240.html

At first though, if you look, you're right, .40 is old... and I think 
that's confusing for people to have RH do that, but it works for them I 
guess.

mcotton wrote:

> Mike,
> 
> This is my first comment to the list and I hope it helps.
> 
> I like RedHat a lot (along with other flavors of *nix), but when I learned how to build production webservers, the guys that showed me did not use the RPMs from RedHat.  I was taught to download the source from the main sites and compile them locally.  For example the Apache version you listed 2.0.40 is vulnerable, and the current version available from apache.org is 2.0.47.  This may be the 'sploit you are looking for.  This also goes for Bind, Samba and any other major production service software.  It does make it a bit more difficult to administrate, but you tend to stay more current than if you are relying on Up2Date to release the patches for install.
> 
> I am in the process of updating a few of my servers as well, I hope this helps.
> 
> Mike
> 
> Mike Cotton
> 


-- 

                                 -Mike Staver
                                  staver at fimble.com
                                  mstaver at globaltaxnetwork.com
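The point of the thread is that a backported package keeps the old upstream version string, so judging patch state by version number alone misreads it. The following is an added example, not code from either poster: a naive version comparison flags httpd 2.0.40 as unpatched, while a check of the package changelog for the advisory finds the backport. The changelog text is constructed for the example (its layout follows the `rpm -q --changelog` format); only the advisory number RHSA-2003:240 and the versions 2.0.40 and 2.0.47 come from the thread, and the packager name and release numbers are placeholders.

```python
"""Distinguish an unpatched package from one carrying a backported fix.

Added example, not part of the mailing-list thread.  It contrasts an
upstream-version check with an advisory-aware check of the package changelog.
"""
import re

# Constructed sample changelog (layout as printed by `rpm -q --changelog`).
# Packager name, dates and release numbers are placeholders; the advisory
# id and version numbers are the ones discussed in the thread.
SAMPLE_CHANGELOG = """\
* Wed Jul 23 2003 Example Packager <packager@example.invalid> 2.0.40-21.5
- backport security fixes from upstream 2.0.47 (RHSA-2003:240)
- rebuild
* Mon Jun 02 2003 Example Packager <packager@example.invalid> 2.0.40-21.3
- adjust default mod_ssl configuration
"""

# Header line of one changelog entry: "* <date> <packager> <version-release>"
ENTRY_RE = re.compile(
    r"^\* (?P<date>\w{3} \w{3} \d{1,2} \d{4}) (?P<who>.+?) (?P<evr>\S+)$"
)
ADVISORY_RE = re.compile(r"RH[SBE]A-\d{4}[-:]\d+")


def parse_version(version):
    """Turn '2.0.40' into (2, 0, 40) so versions compare numerically."""
    return tuple(int(part) for part in version.split("."))


def naive_is_vulnerable(installed_version, fixed_upstream_version):
    """Upstream-style check: any version below the fixed release is 'vulnerable'.
    This is what a version-string scanner does and why it misjudges backports."""
    return parse_version(installed_version) < parse_version(fixed_upstream_version)


def changelog_entries(text):
    """Split rpm-style changelog text into (version-release, body) pairs, newest first."""
    entries, evr, body = [], None, []
    for line in text.splitlines():
        match = ENTRY_RE.match(line)
        if match:
            if evr is not None:
                entries.append((evr, "\n".join(body)))
            evr, body = match.group("evr"), []
        elif evr is not None:
            body.append(line)
    if evr is not None:
        entries.append((evr, "\n".join(body)))
    return entries


def normalize_advisory(advisory):
    """Map the URL form RHSA-2003-240 and the changelog form RHSA-2003:240 to one key."""
    match = re.fullmatch(r"(RH[SBE]A)-(\d{4})[-:](\d+)", advisory.strip())
    if not match:
        raise ValueError(f"unrecognised advisory id: {advisory!r}")
    kind, year, number = match.groups()
    return f"{kind}-{year}:{number}"


def backport_fixed(advisory, changelog_text):
    """Return the version-release whose changelog entry cites the advisory, else None."""
    wanted = normalize_advisory(advisory)
    for evr, body in changelog_entries(changelog_text):
        for token in ADVISORY_RE.findall(body):
            if normalize_advisory(token) == wanted:
                return evr
    return None


def assess(installed_version, fixed_upstream_version, advisory, changelog_text):
    """Combine both checks into one verdict: the changelog wins over the version string."""
    fixed_in = backport_fixed(advisory, changelog_text)
    if fixed_in is not None:
        return "patched-backport", fixed_in
    if naive_is_vulnerable(installed_version, fixed_upstream_version):
        return "unpatched", installed_version
    return "patched-upstream", installed_version


if __name__ == "__main__":
    # Version string alone says 2.0.40 < 2.0.47, i.e. vulnerable ...
    print("naive check:", naive_is_vulnerable("2.0.40", "2.0.47"))
    # ... but the changelog shows the advisory's fix was backported into 2.0.40-21.5.
    print("changelog check:", assess("2.0.40", "2.0.47", "RHSA-2003-240", SAMPLE_CHANGELOG))
```

On a real host the changelog text would come from `rpm -q --changelog httpd`; the example embeds a sample so it runs offline. The verdict order matters: an advisory reference in the changelog is positive evidence of the fix, whereas the version comparison is only a heuristic that cannot see backports.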