On Mar 3, 2012, at 12:18 PM, Ken Moffat wrote:
> On Sat, Mar 03, 2012 at 01:50:13PM -0500, Jeremy Huntwork wrote:
>> On 3/3/12 1:11 PM, Qrux wrote:
>>> The security issues with production have been mentioned several times.
>> I think the reason this comes up is because LFS is made up of a limited
>> number of developers (essentially hobbyists) that don't have the time
>> and resources to track down all security issues. And so there is a
>> hesitancy to call LFS 'secure' because they can't guarantee it.
>>
> LFS itself is usually prompt at fixing known vulnerabilities.
> ...
> My concerns are more with BLFS...

Does anyone know of any actual vulnerabilities in LFS-proper (either 7.0 or
7.1)?

I'm not asking about hypothetical concerns, and for the purpose of this
discussion, I'm not asking about BLFS. I'm not asking if the books make any
claim about security, either. In fact, I don't think they make any claims
about security--which is precisely what makes the
"LFS-is-not-secure-enough-for-production-use" warnings even more surprising.
I'm asking if LFS-proper--built by following the book's directions exactly and
correctly--has known vulnerabilities, not whether LFS responds to
vulnerabilities or why there isn't more man-power on the security issues.
* * *
As for the "hobbyist" thread...I think of people who contribute in the open
source community as being craftsmen. It's a combination of taking pride in
your work, the freedom to work how you like, and the independence to work on
what you like. Those conditions are usually conducive to quality output. I
certainly wouldn't want to be thought of as someone who does interesting
or good things only because I'm paid to do them. That might be true for some,
but I doubt it's too true for a large part of the FOSS community. I also think
the contributions made here are made with the best intentions, not some diluted
version because it's "volunteer work". Simply because things could be made
better from time to time doesn't mean there isn't a good measure of integrity,
diligence, communication, and competence already present, all of which I would
expect of craftsmen.
Q