[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: can an 'unstable' system be made secure?

Firstly, thank you all for the already helpful replies.

On Thu, 27 May 2004 08:28 pm, Bernd Eckenfels wrote:
> However, you should perhaps start  with describing, what the reason is, for
> using unstable. 

I am still working out the details,  but ...

I am connected to the internet through a Tesltra Bigpond cable connection.
It will be permanent, but the IP address may change if I reboot.

The Debian system will be 

1.  the gateway in front of a NAT network, and 

2.  a server, running :

	zope/plone  and/or 
        apache and
        SMTP (possibly postfix) and
        mailman and
        other services, including  ftpd, sshd, rsyncd, squid 
        and a nameserver (caching only).

Plone/Zope issues
I want to run plone ver 2.0.* and zope 2.7.0, (although I notice that even
sid/ustable only has versions 1.0.5 an 2.6.2, respectively, so if I have 
to bypass the apt-get mechanisms, anyway, there may not be so much
need run 'unstable' (assuming that I can or should by-pass apt-get).)

> Usually it is enough to put unstable in deb-src apt.sources
> and then use 'apt-get source "<package>" ; cd package* ; debian/rules
> binary' to have that new version working on stable or tesing.

Am not familiar with all of the above, but I take it its in the docs 

> Another option would be to go with a security enhanced debian derivate or
> one of the smaller appliance distributions. It realy depends on what are
> you planning.

Not familiar with these.  Can you tell me the names of some?

> Personally I think even tracking unstable on a firewall is a pain in the
> ass, if this is used in production environemnt.

It will be, but not mission critical and not commercial, but
I still don't want it to be compromised by a hacker.

Thanks again,



James Sinnamon
jps at westnet com auStralia
ph +61 412 319669, +61 2 95692123, +61 2 95726357

Reply to: