Anyone played with Knoppuix-STD yet?

Top Page
This message is part of the following thread:
Mthe complete thread tree sorted by date
Mder.hans at <-
Mder.hans at ->
Attachments:
Message as email
+ (text/plain)
Delete this message
Reply to this message
Author: Ernest Baca
Date:  
Subject: Anyone played with Knoppuix-STD yet?
I don't know much about KNOPPIX-STD, but does KNOPPIX have the source for
everything on the CD? I can't speak for the kNOPPIX-STD creator but my
understanding is that he installed these utilities from the Debian packages
using apt-get. Isn't that trusted enough?

I believe the source he puts on the CD is for utilities he didn't install
with Debians apt-get.

I do agree test it first and if it works then use it.

So test it and use it if it works.



Ernie Baca
Phoenix, Arizona

www.linux-forensics.com





>From: "der.hans" <>
>Reply-To:
>To:
>Subject: Re: Anyone played with Knoppuix-STD yet?
>Date: Mon, 14 Jul 2003 00:58:34 -0700 (MST)
>
>Am 13. Jul, 2003 schwätzte Thomas Cameron so:
>
> > I know several folks have spoken highly of Knoppix.
> >
> > http://www.knoppix-std.org/ is a version of Knoppix which is supposed to
>be
> > specialized for security work. Anyone played with it yet?
>
>Don't use it!!!
>
>I got a copy at the meeting Thu. I've been dog-sitting for a friend and
>using Knoppix to ssh back home to work from there. Fri I tried knoppix-std.
>I went through and looked at what was on the CD. Looked pretty good until
>towards the end where he said he had a directory that had source code for
>the programs WHEN HE COULD FIND IT.
>
>Do not trust security code for which you don't have the source code. The
>fact that he's including programs for which the source code isn't available
>is insane and tells me I certainly don't want to trust him to get it right.
>
>The moral of the story: don't use knoppix-std until source code is
>available
>for EVERYTHING on it, and someone with security has done an audit.
>
>It's great that he's including source code for packages, but source code
>should be available for all of them.
>
>ciao,
>
>der.hans
>--
>#  https://www.LuftHans.com/    http://www.AZOTO.org/
>#  If you're not learning, you're not living. - der.hans

>
>---------------------------------------------------
>PLUG-discuss mailing list -
>To subscribe, unsubscribe, or to change you mail settings:
>http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss

_________________________________________________________________
The new MSN 8: advanced junk mail protection and 2 months FREE*
http://join.msn.com/?page=features/junkmail


This message was posted to the following mailing lists:
Plug Discuss
Mailing List Info | Nearby Messages		<-laptop key capsC Libraries->
Some Mailing List Archive administrated by UnconfiguredLurker (version 2.3)