| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
From: dufresne at winternet.com (Ron DuFresne) Subject: Re: January 15 is Personal Firewall Day, he lp the cause > > > <snip> > > > > > And yet, there's not much one ca do with a kernel alone. Of > > course redhat > > tends to be one of the "kitchen sink" distros of linux. And > > if you are in > > for a test of your skills, try replacing say apache with your > > own build on > > a redhat system, and learn the issues of dependcany hell that is the > > redhat RPM structure. > > > Bad example. We ran our own RPM for Apache for at least a year, recompiling > whenever a newer version came out. All you do is add your patch in the > apache.spec file, and up the version number slightly. Our particular patch > did what 'RequestHeader unset "Authorization"' does in Apache 2.0. > > This was on Red Hat 7.2, but newer versions of Red Hat are the same. > > Now if you were talking about openssl, I'd agree with you. I've emailed far > too many people who've stuffed their machines by either removing or > overwriting the built-in openssl package from Red Hat 7.0 onwards. > Actually, I was not clear enough, I was referenceing apache with ssl capabilities, but, then again, this also is lacking in the full dependancy hell I refer to. When engaged on a project to port our web hosting to the s390 platform with redhat VM's there, we decided to go with as minimal a install as possible. Apache is quite dependent upon quite a few bloated RPM's itself, adding onenssl into the mixfor ssh/ssl capabilities increases this dependance quite a bit. And the real problem was finding any doocumentation to define the needs and depenance of one package to another. Now, this is also encountered in other platforms, but, is somewhat better documented as well via the other vendors. What was interesting was that both redhat and IBM were kinda surprised that we'd even consider a minimum install, rather then a blow everything into the VM and run with it approach... Slackware at least provides a MANIFEST of all the files by package, such that one can weed through and make installation decisions prior to doing a setup/install, I'm still looking for the redhat equivalent <though admittedly, no longer as diligently as I was a few months ago>. Not that redhat is even now ready to properly support it's offering on the s390 platform. Even with their recent repositioning of their offereings, the back end support channels for this platform are still pretty much non-existant. <but, that's another issue altogether> Thanks, Ron DuFresne ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~ "Cutting the space budget really restores my faith in humanity. It eliminates dreams, goals, and ideals and lets us get straight to the business of hate, debauchery, and self-annihilation." -- Johnny Hart ***testing, only testing, and damn good at it too!*** OK, so you're a Ph.D. Just don't touch anything.
Powered by blists - more mailing lists