imo it's a question of resources. in an ideal world I would argue you build and install manually, for everything... but only after you have reviewed every line of code to ensure there are no security issues. If there are then you fix. but I mean, who has the resources to do this? not many I bet. So, as normal it's a matter of compromise, you have to find the right balance. Ensure that your security policy is maintained within resource limits, due diligence et al. You have to do what works for you.
mike
btw, nice sig Peter.. here is one from me ... Athens (+15°C)
2010/1/31 Per Jessen <per.jessen@enidan.ch>:
Peter Keel wrote:
- on the Sat, Jan 30, 2010 at 01:36:52PM +0100, Per Jessen wrote:
AFAICT from that list, you'd be fine on openSUSE too. Still, nothing wrong with untar+config+make :-)
Yes, very wrong. Maintainability goes through the floor. Or are you sure not to miss a security-relevant update in an insignificant program like tar? Or any other program or library which might be a dependency of the software you're compiling?
When you know what you're doing, I don't see a problem.
/Per
-- Per Jessen, Zürich (-2.6°C)
swinog mailing list swinog@lists.swinog.ch http://lists.swinog.ch/cgi-bin/mailman/listinfo/swinog