I don't know much about KNOPPIX-STD, but does KNOPPIX have the source for
everything on the CD? I can't speak for the KNOPPIX-STD creator but my
understanding is that he installed these utilities from the Debian packages
using apt-get. Isn't that trusted enough?
I believe the source he puts on the CD is for utilities he didn't install
with Debian's apt-get.
I do agree: test it first, and if it works, then use it.
So test it and use it if it works.
Ernie Baca
Phoenix, Arizona
ebaca@linux-forensics.com
www.linux-forensics.com
>From: "der.hans" <PLUGd@LuftHans.com>
>Reply-To: plug-discuss@lists.plug.phoenix.az.us
>To: plug-discuss@lists.plug.phoenix.az.us
>Subject: Re: Anyone played with Knoppuix-STD yet?
>Date: Mon, 14 Jul 2003 00:58:34 -0700 (MST)
>
>On 13 Jul 2003, Thomas Cameron chatted thus:
>
> > I know several folks have spoken highly of Knoppix.
> >
> > http://www.knoppix-std.org/ is a version of Knoppix which is supposed to be
> > specialized for security work. Anyone played with it yet?
>
>Don't use it!!!
>
>I got a copy at the meeting Thu. I've been dog-sitting for a friend and
>using Knoppix to ssh back home to work from there. Fri I tried knoppix-std.
>I went through and looked at what was on the CD. Looked pretty good until
>towards the end where he said he had a directory that had source code for
>the programs WHEN HE COULD FIND IT.
>
>Do not trust security code for which you don't have the source code. The
>fact that he's including programs for which the source code isn't available
>is insane and tells me I certainly don't want to trust him to get it right.
>
>The moral of the story: don't use knoppix-std until source code is available
>for EVERYTHING on it, and someone with security has done an audit.
>
>It's great that he's including source code for packages, but source code
>should be available for all of them.
>
>ciao,
>
>der.hans
>--
># https://www.LuftHans.com/ http://www.AZOTO.org/
># If you're not learning, you're not living. - der.hans