Hello, I'm coming from Slackware and I'm searching for another distribution to run on my desktop and in near future also on a server.
The *top priority* for me is security! I've test-installed CentOS on one of my test systems. So far anything went OK. After trying a bit, I would like to ask some questions: - What is the suggested way to get *secure and trusted* additional packages? I don't want packages packaged by "someone" who doesn't have the required experience and who doesn't do the packaging on a dedicated "build host" which isn't used for anything else than building packages. I tried the Dag-Repository. Seems to be well done and as Dag is member of the CentOS-Staff, I think his packages are trustworthy. Unfortunately I'm unsure if they are secure. For example there is a Drupal package which is *out of date*! So there should either be an update or the package maybe should be removed at all as it is a security hole! Is there a repository available which only has that much packages as the maintainer is able to keep secure? - My second question is about: http://www.cs.arizona.edu/people/justin/packagemanagersecurity/attacks-on-package-managers.html Yum also seems to affected, so a malicious mirror would be able to downgrade a package on a server where it's suggested to be *upgraded* to a patched version. When will Yum be fixed and what is the suggested way to get Yum more secure? Thanks in advance for any answers. Yours Manuel -- () ascii ribbon campaign - against html mail /\ - gegen HTML-Mail answers as html mail will be deleted automatically! Antworten als HTML-Mail werden automatisch gelöscht! GMX Kostenlose Spiele: Einfach online spielen und Spaß haben mit Pastry Passion! http://games.entertainment.gmx.net/de/entertainment/games/free/puzzle/6169196 _______________________________________________ CentOS mailing list CentOS@centos.org http://lists.centos.org/mailman/listinfo/centos
