--
fre, 2002-03-22 kl. 14:26 skrev dman:
> | The examples that I mentioned are mostly of utilities that simply have
> | to be compiled by hand, to get the desired results (they often need
> | special patches and bug fixes can appear almost daily).
> The Debian
> security team backports the fix to the version in included in stable
> so that overworked admins can obtain the fix quickly and easily
> without worrying about any migration or compatibility issues. All the
> admin needs to do is 'apt-get update && apt-get upgrade' and he's
> safe. With a decent network link and enough memory in the system to
> unpack the package it takes no more than a minute or two, and doesn't
> really require active thought. Of course, the admin _must_ have
> configured exim properly in the first place (requiring active
> thought), but extra effort is expended in obtaining the security fix.
> If you're talking about new features, then that's a different story
> and you should not be using "stable".
Hmmm ... I can't remember many security scares with Exim. Not CERT or
Securityportal/focus stuff. In comparison with Sendmail, that is. Or
Exchange.
Generally I'd say that the Hazel-Exim bug-update routine is so little
top-heavy, that ANY bugs are more or less fixed within hours.
Anyway, that wasn't what I was talking about. I meant
Netfilter/iptables, FreeS/WAN x509 and that sort of shit. You just can
not wait for people to bake .rpms. You have to patch stuff from CVS
patches to keep up to date. Things have bugs and have to be fixed.
When do you expect the Exim 4 potato or woody .deb? Next year - 2003?
Will it be 4.00 or 4.01? 4.05? To my mind, it's worth making an
immediate change to Exim 4 - it's a completely different philosophy,
with far more possibilities. And your stressed sysadmins will find it
far less difficult to cope with, schoen/already :c)
> | As far as kernel compiling is concerned, without having compiled my own,
> | the RH 7.2 machine that I'm writing this on now just wouldn't (and
> | didn't) work at all.
> Why? (I'm curious since it's been a while since I used a RH kernel)
It was 'orrible. The thing has an AMD Duron processor and a PCMCIA
bridge (my Xircom V90 modem). RH 7.2 standard couldn't cope. There were
all sorts of segmentation faults at every boot and ... BANG! dead
machine. Time after time. Trouble was, I'd already bought it. Then there
was Xfree86 4.1 that couldn't cope with an S3 ProSavage4 video chip
properly or with StarOffice 6.0 Beta / OpenOffice.org 641c (so it now
has self-compiled 4.2.0) etc. Then there was iptables compilation into
the kernel ... It's running 2.4.16 now.
> The new initrd stuff allows for a single kernel to be built that will
> work in almost every situation. (diskless nodes and other specialty
> setups aren't covered, obviously, but that is going to be customized
> anyway)
Well bully for initrd.
>> | As far as Exim's concerned, there are many compile-time options that
>> | suit some and not others.
> Sure, but if you include most of the features then it's just a matter
> of runtime configuration. In addition there can be several packages
> (eg 'exim' vs. 'exim-tls') for different sets of specific features.
And if I should want / not want PAM, MySQL, PostresSQL, LDAP,
TCPWrappers in the Exim binary? /usr/local/exim4 as my base, ./spool/log
for my logs ("Foff /etc/mail, /var/log"), my chown etc is is in /bin -
not /usr/bin, don't want inbuilt perl.o etc. etc?
> The wise in heart are called discerning,
> and pleasant words promote instruction.
> Proverbs 16:21
Indeed.
:-)
Tonni
Sogning
--
Tony Earnshaw
e-post: tonni@???
www: http://www.billy.demon.nl
Telefoon: (+31) (0)172 530428
Mobiel: (+31) (0)6 51153356
GPG/PGP Fingerprint: 3924 6BF8 A755 DE1A 4AD6 FA2B F7D7 6051 3BE7 B981
--
Content-Description: Dette er en digitalt signert meldingsdel
[ signature.asc of type application/pgp-signature deleted ]
--
