Hi Kwang,
KE Liew wrote:
Thanks for everyone's input, they are much appreciated!
After some weeks of research, the only thing that'll be on the server
is Zope, Plone, Squid, Pound, and some security checks e.g. rkhunter,
etc. I'm guessing that using their latest stable releases from their
website wouldn't cause any hiccups with Debian...?
On 5/8/06, Peter Simmons <[EMAIL PROTECTED]> wrote:
From a security point of view (usually the reason why I install a
debian package) zope is very good (plone also) at getting out any
security fixes and they are also easy to install. Installing from debian
package/src tarball won't change how this works; both are the same.
What would be the worst case scenario of running Zope off src
rather than debian packages? Would there be any attempt whatsoever on
cracking particularly through Zope?
From a security point of view there is no difference b/w zope src and
debian packages. If anything debian packages are likely to be less
secure than zope src because they are not very well maintained. It's
possible that zope has some vulnerability that allows a hacker to do
something bad but I can't remember the last time a security fix came out
that was for something really bad. The worst case is usually that if you
have some TTW code setup in a certain way it can pose a risk to someone
editing content. If you stick to standard development mechanisms you
hardly ever end up having done the particular setup (at least that is my
experience).
So it depends on how vital it is for you to have the most up to date
stuff. Also keep in mind it's very easy to switch, in fact since we
switched from debian package to zope src tarball we have kept a couple
of the debian bits such as init.d scripts and setup as they work very
well.
Sounds good! I should take a look at debian packages just to see what
I can use.
I haven't played around much, but I always have this thought that
newer versions can mean more stable application, though not
necessarily the case. As long as it's a stable release, wouldn't it be
wise to install that latest version?
Essentially yes, the community is very good at releasing very stable
versions based on 7 or 8 years experience. Over that time there have
been maybe 100 hundred releases and I can only remember 3 or 4 that had
show stopper bugs and every single time if I tested out doing an upgrade
I found the bug (i.e. it didn't cause any hassles except delaying
upgrading while a bug fix release was done).
Kwang