[Zope] What causes the community to stall so often?

Joel Burton joel@joelburton.com
Fri, 8 Mar 2002 15:33:30 -0500 (EST)


On Fri, 8 Mar 2002, Stefan H. Holek wrote:

> At 08.03.2002 22:15 +0300, Oleg Broytmann wrote:
> >On Fri, Mar 08, 2002 at 06:53:01PM +0100, Lennart Regebro wrote:
> > > When I install things on unix, I usually download and unzip a tgz file, run
> > > ./configure, write "make" and "make install", and I'm done.
> >
> >    That because you manage only one computer. Think about poor sysadmins who
> >maintain dozens servers on a site - they just don't have enough time to
> >untar and compile all that crap...
>
> OTOH my admins would never use (mission critical) rpms they did not
> carefully package themselves... :-)

Yeah, well. I remember the line in "Essential System Administration"
(O'Reilly) about never installing as root a product that you haven't
carefully studied the source code for, looking for security
vulnerabilities.

All I thought was: wow, people must have a lot more free time on their
hands than I do! Ever tried reading the source code for perl? :-)

But, seriously, I'm curious: do you think that you're getting better
security w/someone's ./configure && make && make install setup (also run
as root, can also execute anything you want and might unless you read the
configure file and make file and source code)?

-- 

Joel BURTON  |  joel@joelburton.com  |  joelburton.com  |  aim: wjoelburton
Independent Knowledge Management Consultant