From: pr0ject <pr...@re...> - 2001-12-31 03:40:28
|
It has been my experience that with packaged applications, it is always better to install from souce than to use a predefined package. Whether or not you agree with me is up to you. IMHO it makes you a better unix administrator to know what's going on when you install an application than just to assume everything is fine. I am not to say that installing from source is for everyone... only those who are control freaks about their systems as I am. You guys have had very valid points on "proper package management" but let's be real folks... the people who pre-package their applications don't always have the best security practices in mind. Granted, there are folks out there who have developed very tight packages (webmin for one, which I have been doubly impressed with), but it only takes one to compromise a system. As for BSD, you're right... I didn't install every single piece from souce.. but I'll be damned if I didn't evaluate every single piece of software that WAS installed before I went live with a production machine. If my system gets compromised, it's not going to be blamed on a software developer... but rather on ignorance on my part. I didn't intend on this being a flame war about me giving "bad advice"... but rather a sublime warning about being too trusting of others to ensure your system is secure. If you choose to install as a package, more power to you... I'm only speaking from experience that installing from source has allowed me much greater flexibility and peace of mind. I apologize if I have raised the blood pressure of some die hard admins out there... I just didn't want to see another novice fall to the demise of a misconfigured applictation... A wise man once told me that Windows NT was the most secure operating system to date.... after he was mocked, he proved to them that once properly configured, NT was in fact, solid as a rock. Today jo...@sw... kicked me in the balls with: ** To put it bluntly: Nonsense. I might even go so far as to call it ** idiotic nonsense (but I'm nicer than that, so let's just call it foolish). ** ** A good package is a great thing. You didn't build your FreeBSD system ** from scratch (i.e. get and compile every component, piece by ** piece--starting from a single floppy distribution with a kernel and a ** compiler), and it would be stupid to 'always always always' install from ** source. ** ** Sorry pr0ject, but I have to call you on this...You are giving very very ** bad advice. ** ** It is so excrutiatingly /easy/ to misconfigure many software packages ** when compiling from scratch. Often, there are options that are poorly ** documented, or incorrectly documented, any one of which could lead to an ** insecure or broken installation. At least if your packager can be ** relied upon (for example, a well known ports project maintainer) you ** know that /someone/ has taken the time and effort to follow a project ** for some time with an eye towards correct configuration for the system ** in question. ** ** I'm not saying folks shouldn't know how to compile from tarball, but I ** am saying that if you can get a package from a reliable source ** (preferably your OS vendor) do it! If your system is not compatible ** with packages you do find from reliable sources (i.e. it's for Mandrake ** and you run Red Hat) it is worth going to the trouble to get the SRPM ** and rebuild it with whatever changes are necessary for your ** architecture. Even better if you can roll your own package for those ** programs that have no package available. Package managers are ** wonderful. Folks with a single workstation may think individual source ** installs are the bee's knees, but if you have more than one machine to ** maintain a package manager is a sanity saving tool not to be dismissed ** lightly. ** ** pr0ject wrote: ** ** > erg!!! ** > ** > ALWAYS ALWAYS ALWAYS install from source!!!!!! ** > ** > 90% of your config options are lost if you install as a package! ** > ** > If you aren't comfortable with installing from source, then learn!! ** > ** > I cannot stress enough how important it is to install applications this ** > way. ** > ** > I run FreeBSD on all my server platforms... and I rarely if ever use ** > the ports as my install application... ** > ** > Today sh...@we... kicked me in the balls with: ** > ** On Sat, 2001-12-29 at 19:44, Robert Brandtjen wrote: ** > ** ** > ** > Qpopper - get the RedHat 7.1/7.2 rpm for YellowDog ** > ** ** > ** Huh? I don't see that one listed at http://www.rpmfind.net/. I've been ** > ** packaging qpopper for some time and you can download the latest at ** > ** http://www.sewingwitch.com/ken/SRPMS/. ** ** -- ** Joe Cooper <jo...@sw...> ** http://www.swelltech.com ** Web Caching Appliances and Support -- If you don't say anything, you won't be called on to repeat it. -- Calvin Coolidge |