Re: can an 'unstable' system be made secure?
Firstly, thank you all for the already helpful replies.
On Thu, 27 May 2004 08:28 pm, Bernd Eckenfels wrote:
<snip/>
> However, you should perhaps start with describing, what the reason is, for
> using unstable.
I am still working out the details, but ...
I am connected to the internet through a Tesltra Bigpond cable connection.
It will be permanent, but the IP address may change if I reboot.
The Debian system will be
1. the gateway in front of a NAT network, and
2. a server, running :
zope/plone and/or
apache and
SMTP (possibly postfix) and
mailman and
other services, including ftpd, sshd, rsyncd, squid
and a nameserver (caching only).
Plone/Zope issues
---------------------------
I want to run plone ver 2.0.* and zope 2.7.0, (although I notice that even
sid/ustable only has versions 1.0.5 an 2.6.2, respectively, so if I have
to bypass the apt-get mechanisms, anyway, there may not be so much
need run 'unstable' (assuming that I can or should by-pass apt-get).)
> Usually it is enough to put unstable in deb-src apt.sources
> and then use 'apt-get source "<package>" ; cd package* ; debian/rules
> binary' to have that new version working on stable or tesing.
Am not familiar with all of the above, but I take it its in the docs
somewhere?
>
> Another option would be to go with a security enhanced debian derivate or
> one of the smaller appliance distributions. It realy depends on what are
> you planning.
Not familiar with these. Can you tell me the names of some?
>
> Personally I think even tracking unstable on a firewall is a pain in the
> ass, if this is used in production environemnt.
It will be, but not mission critical and not commercial, but
I still don't want it to be compromised by a hacker.
Thanks again,
regards,
James
--
James Sinnamon
jps at westnet com auStralia
ph +61 412 319669, +61 2 95692123, +61 2 95726357
Reply to: