[Pkg-exim4-users] What is stable? What is secure? [WAS: Re: libmysqlclient.so: no version information available]

Hans-Juergen Beie hjb at pollux.franken.de
Sat Dec 3 14:35:41 UTC 2005

Gerhard Kroder wrote on 03.12.2005 13:23 Uhr:
> me getting OT:

well... new topic ;)

>>> Are you running a mixed sarge/etch/sid system?
>> Yes. Otherwise newer releases of Exim and ClamAV won't install.
> btw:  since stable "only" has security fixes, how much will a current 
> (upstream)  ClamAV, SpamAssassin e.a. drift away from stable? What 
> I mean: security fixes won't install new scan engines (does this occur 
> in "real world"?), but only programming errors, or maybe some scanning 
> patterns, too. So, won't I be forced in time to change a stable system 
> (which is what I want in a production environment) to a mixed system with 
> testing or sid? Which would/could cause update problems and a potentially 
> unstable or (more) insecure system? Won't aging of these scanning tools 
> render them quite worthless?
> How do YOU deal with this? Suggested Readmes, HowTos? Is there some 
> misconception in my mind?
> Gerhard
> ps: still rampant learning curve ahead, for running a mailserver; don't 
> yet use clamav/sa

What is "stable"?
- Bug-free software? That's a dream.

- Bug-fixed software? OK (one bug fixed, get two more for free ;)

- Debian/sarge? Hmm... that depends...

What is "secure"?
- A rock solid server, resistant against all known root kits, intrusion 
methods and script kiddies? From an admin's point of view it may be 
"secure". But that's often an end in itself.

- A system which provides as much security as possible for its users? 
Fine... but what about the rest of the world around?

Nowadays, a "stable" and "secure" mail server is something that we would 
call "die Quadratur des Kreises" in German. That's my experience, still 
on the learning curve after trying to administrate some small mail 
servers on RedHat/Fedora and Debian hosts for some years now.

Coming back to debian/exim/clamav/sa ...

When I had to set up a (still small) production system for the first 
time, I decided (after reading many of these Readmes, HowTos, and 
FAQs) to choose Exim4 on debian/stable (woody at that time) as a basis 
and to provide the necessary environment by pinning (woody still stuck 
to Exim3) or by using backports. This method was also suitable to get 
recent versions of ClamAV and SA up and running, on so-called "stable" 
debian flavours. Now with debian/sarge, this is quite similar.

I should mention however, that this host (in fact it's a VServer) does 
nothing else than delivering and providing mail (Web and database 
applications are running on other hosts/VServers). That gives me the 
freedom to choose those packages which I believe to be most suitable for 
this purpose without getting a headache because of possible side-effects 
on other applications. And I swore never to compile or build packages 
myself. Fortunately, I never had to break my word, up to now (at least 
concerning the mail server ;)

I will never claim that this system is "stable" as well as "secure".
It's just a compromise somewhere in between.

That's how I deal with it.
Your mileage may vary.

hjb :-?
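Added example, not part of hjb's mail and not Debian documentation: a pinning layout of the kind described above, which keeps everything on "stable" and tracks only the named mail packages from backports, so that the rest of the system keeps receiving plain security updates. It assumes the apt_preferences syntax of a current apt (one `Package:` stanza naming several packages); the codename `sarge`, the package list and the scratch directory are placeholders. The small awk parser only models how apt resolves the general (`*`) and specific forms for the test; on a real host `apt-cache policy exim4` is the authoritative check.

```shell
#!/bin/sh
# Added example (not from the original mail). CODENAME is a placeholder; on a
# real host it is the running release's codename (sarge in the mail's era).
CODENAME=${CODENAME:-sarge}

# Render an /etc/apt/preferences.d fragment:
#  - everything from "stable" gets 900, so it beats the default of 500
#  - backports as a whole gets 100, so nothing is pulled from there unasked
#    (current Debian backports also publish NotAutomatic/ButAutomaticUpgrades,
#     which gives the same default; this states it explicitly)
#  - the named mail packages get 990, so their backports are installed and
#    followed on upgrades while the rest of the system stays on stable
render_preferences() {
    cat <<EOF
Package: *
Pin: release a=stable
Pin-Priority: 900

Package: *
Pin: release a=${CODENAME}-backports
Pin-Priority: 100

Package: exim4 exim4-base exim4-daemon-heavy clamav clamav-daemon clamav-freshclam spamassassin
Pin: release a=${CODENAME}-backports
Pin-Priority: 990
EOF
}

# Write the fragment below a scratch root (default /tmp/...) and print its path.
# On a real host APT_ROOT would be empty so the file lands in /etc/apt/preferences.d/.
install_preferences() {
    root=${APT_ROOT:-/tmp/apt-pin-demo}
    dir="$root/etc/apt/preferences.d"
    mkdir -p "$dir"
    render_preferences > "$dir/mail-backports"
    printf '%s\n' "$dir/mail-backports"
}

# Toy resolver for the test: the priority a package would get from a suite.
# A specific-form stanza (named packages) overrides a general-form (*) one;
# with no matching pin apt's default of 500 applies. Real apt does more
# (version pins, origins, regex/glob forms), so verify with apt-cache policy.
pin_priority_for() {
    pkg=$1; suite=$2
    render_preferences | awk -v pkg="$pkg" -v suite="$suite" '
        BEGIN { RS=""; FS="\n"; best=""; best_specific=0 }
        {
            pkgs=""; pin=""; prio=""
            for (i = 1; i <= NF; i++) {
                if ($i ~ /^Package:/)           { pkgs = substr($i, 9) }
                else if ($i ~ /^Pin:/)          { pin  = substr($i, 5) }
                else if ($i ~ /^Pin-Priority:/) { prio = substr($i, 14) }
            }
            gsub(/^ +| +$/, "", pkgs); gsub(/^ +| +$/, "", pin); gsub(/^ +| +$/, "", prio)
            if (pin != "release a=" suite) next
            if (pkgs == "*") {
                if (!best_specific && best == "") best = prio
                next
            }
            n = split(pkgs, names, / +/)
            for (j = 1; j <= n; j++)
                if (names[j] == pkg) { best = prio; best_specific = 1 }
        }
        END { print (best == "" ? 500 : best) }
    '
}

# Stand-alone run: write the fragment and show what the named packages resolve to.
if [ "${0##*/}" != "sh" ] && [ -z "$APT_PIN_NO_MAIN" ]; then
    install_preferences
    printf 'exim4 from %s-backports: %s\n' "$CODENAME" "$(pin_priority_for exim4 "${CODENAME}-backports")"
    printf 'libc6 from %s-backports: %s\n' "$CODENAME" "$(pin_priority_for libc6 "${CODENAME}-backports")"
fi
```

The point of the split is that only the listed packages ever move off stable; a stray `apt-get upgrade` will not drag unrelated libraries from backports, which is the "mixed system" risk Gerhard asks about.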

