Jeff Waugh wrote:

<quote who="O Plameras">



Yes, it is.



Oscar, quite seriously, the concept of "building a kernel" has absolutely nothing to do with security. Someone has been telling you tall stories.



Jeff, security I take seriously. I want to be satisfied that there is nothing in the
source codes that compromises. I also want to have a third, fourth, etc party
for the record to audit the process (or business process). It is my process to
put everything in writing, not just my word or someone's words, and then
someone can take his or my word for it. As we all know, in computer
security everyone is distrusted except those that one expressly trust. And
this is made operational in computer process by means of filters, that is,
everything is disallowed except those that one has expressly allowed.


The other side is you trust everyone except those that you have expressly
identified as not trustworthy. This is not how computer security works.
Computer security I follow is I trust only those I expressly trust and
do not trust everyone else.

I do not trust the Source Codes as a matter of procedure until I confirmed
that it is trustworthy. This is not me but it is logical, practical, and is the
practice.


Your distribution, one would hope, supplies a fully security-supported,
stress-tested kernel, which they'll update when there are vulnerabilities.
If you build your own kernel, you have to manage that process on your own,
which is a *very* significant undertaking.



Allow only those that you trust is the rule; and Do Not trust everyone. This is one
of the rules in computer security. So, how can you be sure that your system is
secure if you have not verified or audited that it is secure?


Building your own kernel makes it *harder* for you to sustainably secure
your server. It is *not* "required".

If you seriously believe this to be true, you might want to reply with more
rationale and detail than "yes, it is", so we can find out where you've gone
wrong. :-)



I've been doing this for over 35 years, I do not find it hard or difficult as you like to portray.



--
SLUG - Sydney Linux User's Group Mailing List - http://slug.org.au/
Subscription info and FAQs: http://slug.org.au/faq/mailinglists.html
