On Fri, 8 Mar 2002, Stefan H. Holek wrote:
At 08.03.2002 22:15 +0300, Oleg Broytmann wrote:
On Fri, Mar 08, 2002 at 06:53:01PM +0100, Lennart Regebro wrote:
When I install things on unix, I usually download and unzip a tgz file, run ./configure, write "make" and "make install", and I'm done.
That because you manage only one computer. Think about poor sysadmins who maintain dozens servers on a site - they just don't have enough time to untar and compile all that crap...
OTOH my admins would never use (mission critical) rpms they did not carefully package themselves... :-)
Yeah, well. I remember the line in "Essential System Administration" (O'Reilly) about never installing as root a product that you haven't carefully studied the source code for, looking for security vulnerabilities. All I thought was: wow, people must have a lot more free time on their hands than I do! Ever tried reading the source code for perl? :-) But, seriously, I'm curious: do you think that you're getting better security w/someone's ./configure && make && make install setup (also run as root, can also execute anything you want and might unless you read the configure file and make file and source code)? -- Joel BURTON | joel@joelburton.com | joelburton.com | aim: wjoelburton Independent Knowledge Management Consultant