
Re: Proposed: task-secure-system package



Hi,

Quoting Russell Coker (russell@coker.com.au):
> >If you're security-aware enough to run a task-secure-system, are you then
> >not aware enough to keep track of bugs and upgrades ? :) I do get your
> >point, above was not meant to be flame-bait;)
> There are machines which I only get to see for a few hours a year.  I
> can't keep track of all the security issues that have come up since the
> last time I saw such a machine.
I acknowledge the use of a package like you mention ;)
Solutions like apt-zip et al. seem not-really useful/friendly. Maybe there's
use for something that accepts a dpkg-getselections list, and makes a
shell script that downloads the packages you need (as in (I think) apt-zip),
so you can download them somewhere else, and install them later.
You could use a solution like that to only download security-related updates
as well (not trying to dispose of your idea; I'm convinced of its usefulness
:) ).

> No.  I like to have ssh as root enabled so that I can login directly to do
> regular maintenance tasks with minimum stuffing around.  Doing the "enter
> password to su to root" thing works if you run one or two machines.  But
> if you run 50 machines it's ridiculous to consider such things.
Depends ;) - patching sshd seems like a good solution.
Where I work we run loads of machines, and in my experience it's very
annoying to not know who ssh'd in as root.
I wouldn't like to do the extra work to patch sshd, and having to install
the 'special' sshd on all machines, instead of just dist-upgrade-ing.

> OK.  Any people interested in linux programmers meetings in the
> Netherlands please mail me off the list.  I'll arrange one soonish.
Will do (maybe notify the debian-nl-something list as well?).

Greets,
	Robert
-- 
|      rvdm@cistron.nl - Cistron Internet Services - www.cistron.nl        |  
|          php3/c/perl/html/c++/sed/awk/linux/sql/cgi/security             |
|         My statements are mine, and not necessarily cistron's.           |
                Nuke the unborn gay female whales for Jesus.


