[Pkg-exim4-users] What is stable? What is secure? [WAS: Re:
libmysqlclient.so: no version information available]
Hans-Juergen Beie
hjb at pollux.franken.de
Sat Dec 3 14:35:41 UTC 2005
Gerhard Kroder wrote on 03.12.2005 13:23 Uhr:
> me getting OT:
well... new topic ;)
>>> Are you running a mixed sarge/etch/sid system?
>>
>> Yes. Otherwise newer releases of Exim and ClamAV won't install.
>
>
> btw: since stable "only" has security fixes, how much will a current
> (upstream) ClamAV, SpamAssassin e.a. drift away from stable? What
> I mean: security fixes won't install new scan engines (does this occur
> in "real world"?), but only programming errors, or maybe some scanning
> patterns, too. So, won't I be forced in time to change a stable system
> (which is what I want in production environment) to a mixed system with
> testing or sid? Which would/could cause update problems and potentially
> unstable or (more) insecure system? Won't aging of these scanning tools
> render them quite worthless?
>
> How do YOU deal with this? Suggested Readmes, HowTos? Is there some
> misconception in my mind?
>
> Gerhard
>
> ps: still rampant learning curve ahead, for running mailserver; don't
> yet use clamav/sa

What is "stable"?
- Bug-free software? That's a dream.
- Bug-fixed software? OK (one bug fixed, get two more for free ;)
- Debian/sarge? Hmm... that depends...

What is "secure"?
- A rock solid server, resistant against all known root kits, intrusion
methods and script kiddies? From an admin's point of view it may be
"secure". But that's often an end in itself.
- A system which provides as much security as possible for its users?
Fine... but what about the rest of the world around?

Nowadays, a "stable" and "secure" mail server is something that we would
call "die Quadratur des Kreises" in German. That's my experience, still
on the learning curve after trying to administrate some small mail
servers on RedHat/Fedora and Debian hosts for some years now.

Coming back to debian/exim/clamav/sa ...
When I had to set up a (still small) production system for the first
time, I decided (after reading many of these Readmes, HowTos, and
FAQs) to choose Exim4 on debian/stable (woody at that time) as a basis
and to provide the necessary environment by pinning (woody still stuck
to Exim3) or by using backports. This method was also suitable to get
recent versions of ClamAV and SA up and running, on so-called "stable"
debian flavours. Now with debian/sarge, this is quite similar.
I should mention, however, that this host (in fact it's a VServer) does
nothing else than delivering and providing mail (Web and database
applications are running on other hosts/VServers). That gives me the
freedom to choose those packages which I believe to be most suitable for
this purpose without getting a headache because of possible side-effects
on other applications. And I swore never to compile or build packages
myself. Fortunately, I never had to break my word, up to now (at least
concerning the mail server ;)
I will never claim that this system is "stable" as well as "secure".
It's just a compromise somewhere between.
That's how I deal with it.
Your mileage may vary.
hjb :-?