Menu
▾
▴
Re: [Devil-Linux-discuss] Updating to 1.2.11
|
From: Bruce S. <bw...@ar...> - 2006-11-20 13:02:21
|
> >> Whilst these are minor irritants it does bother me that things are being added > >> to the system without proper auditing. This is supposed to be a secure system > >> and addition of unverified software obviously gives an opportunity for malware > >> to be unwittingly installed. > > > > Can you be more specific about what unverified software you're referring to? > > aide and awstats. How do you suggest we audit them? Do you expect us to go through the source code line by line? (We'll get back to you in about 50 years, as soon as we're done with the kernel :) Or can we trust other sources to audit them? Some place that actually understands the source code perhaps? How about Novell/SuSE? Both of those packages are included with SuSE 10.1. Personally I didn't add them, and I've never used either of those packages. Hell, I didn't even know what those packages are until I searched my SuSE 10.1 DVD to see if they exist there. Do either of those packages start by _default_ when you boot DL? If so, then you _may_ be correct that there is a problem. Otherwise even malware won't hurt you if it never runs. You should know a little about the packages you designate to start at boot. What evidence do you have that either of those packages are malware? - BS |
