Sorry, I forget sometimes that security is different for different installations. Yes, it would be an issue in a cs department at a college :) I remember when . . .
In my case, db access is limited to the web server, via cgi scripts I write or are relatively easy to keep patched. And, there are at most a half dozen accounts with shell access . . . everyone else has a shell of /bin/false. If I am living in a fantasy land thinking that gives me a little leeway, please tell me (God, I know what I've let myself in for here). Rod BTW, I know what you mean about someone attempting cracks. Turned ProFTP on one of my servers at a clients request. Several dozen attempts at a login within the first 24 hours. I hadn't even told the client it was on yet! RWR > > Rod Rodolico said: > >> Becoming a firm believer that you CAN have it all, stability and the >> latest packages :) >> >> There are other places to get backports, BTW. This one works for me. >> > Rod, > Yes I agree with your statements. > Thanks for the link I'll use it on one of my systems... > > But you don't explicitly have security, you have the testing delay for > security updates, combined with the propagation time to backports from > testing. > > I'm still leery of using testing for any publicly exposed service, or for > machines with shell access. > I have at most a week from a known kernel exploit to when one of my users > tries to exploit via shell access. > > --Luke CS Sysadmin, Montana State University-Bozeman > > > -- > To UNSUBSCRIBE, email to [EMAIL PROTECTED] > with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED] > > -- Media Ethics is an oxymoron, much like Jumbo Shrimp and Microsoft Works. Not to mention NT Security -- To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]