Derek Neighbors wrote:
>>The cost is the time spent building the system .... so it really depends
>>on your needs.
snip
> of complete uniqueness. When you build a system from scratch that means
> you are the ONLY person on the planet that has that system. For a
> production quality system this is extremely dangerous.
snip
> That said it is great to have options and I think its cool to be able to
> compile own desktop to do some wicked stuff, but I suspect if it is
> important enough for you to compile thigns to get extra flags for
> security, that you realize you are opening a whole other mess of security
> problems by custom compiling things and circumventing peer review?
You are definately correct about your first point ... I hadn't thought of that.
This really exacerbates one of the largest problems with linux at the moment.
There are SO many possibilities it makes it impossible for someone trying to
provide support for a product or application. A Linux box can be
extraordinarily unique ... the combinations of kernels, kernel patches, library
versions, compiler versions must make a gigantic mess of things.
I don't really understand this last point however? How is compiling apache or
ssh with the propolice stack protection that is now standard with gcc
circumventing peer review? What peer review? I am using the apache source,
unmodified. Perhaps you mean peer review of that single binary that 20,000
people are using. Well, then, you should start compiling your binary with
-fstack-protector.
I also do not understand what other "mess of security problems" compiling a
package myself introduces.
Austin
(text/plain)