On 3/3/12 1:11 PM, Qrux wrote:
> The security issues with production have been mentioned several times. I've
> sort of just assumed it was a friendly "caveat emptor", and filtered it out.
> But, it's now come up often enough where it seems to be implying something
> stronger than the assumption above. In fact, it all-but-suggests: "There are
> some serious security issues with LFS."
>
> Is this actually the case?
I think the reason this comes up is because LFS is made up of a limited number of developers (essentially hobbyists) that don't have the time and resources to track down all security issues. And so there is a hesitancy to call LFS 'secure' because they can't guarantee it.

But I think it's secure enough, for the reasons you provide. Also LFS stays pretty well up to speed with latest bug/security fixes from upstream and when a security hole does come to our attention, it's fixed in trunk and if appropriate an errata noted on the site for the released book. As far as I am aware there are no gaping holes and, as you state, it does have some advantages in that very little is enabled by default.

It all comes back to 'Your distro, your rules'. You are responsible for what you do with LFS (as should be the case) and LFS can't guarantee stability or security for your production machines - that's up to you.

JH