Am 13. Jul, 2003 schw=E4tzte Thomas Cameron so:
> I know several folks have spoken highly of Knoppix.
>
> http://www.knoppix-std.org/ is a version of Knoppix which is supposed to =
be
> specialized for security work. Anyone played with it yet?
Don't use it!!!
I got a copy at the meeting Thu. I've been dog-sitting for a friend and
using Knoppix to ssh back home to work from there. Fri I tried knoppix-std.
I went through and looked at what was on the CD. Looked pretty good until
towards the end where he said he had a directory that had source code for
the programs WHEN HE COULD FIND IT.
Do not trust security code for which you don't have the source code. The
fact that he's including programs for which the source code isn't available
is insane and tells me I certainly don't want to trust him to get it right.
The moral of the story: don't use knoppix-std until source code is availabl=
e
for EVERYTHING on it, and someone with security has done an audit.
It's great that he's including source code for packages, but source code
should be available for all of them.
ciao,
der.hans
--=20
# https://www.LuftHans.com/ http://www.AZOTO.org/
# If you're not learning, you're not living. - der.hans
(text/plain)