On Fri, 25 Jan 2002, Jonathan M. Slivko wrote:
> OpenSSH 3.0.3 is available from OpenSSH.Org. There is a prebuilt RPM for
> it at:
> http://www.haoli.org/rpm/redhat-7.x/RPMS/i386/openssh-3.0.1p1-1.i386.rpm
> . Why doesn't Red Hat just put this RPM into the base system? They might
> as well give all the newbies out there a more secure system out of the
> box. That's just my 0.02 cents worth.
Personally, I have the paranoia that Roldolfo expressed. In fact,
www.openssh.org maintains an area that includes RedHat Linux releases (or
rather rpm's). They or RedHat are my official sources for openssh and no
others. Depends on your trust level.
As far as RedHat including it in the base system, they in fact do for the
openssh version that was current at that time. They also update openssh
regularly to account for bugs and/or security issues. But this is not
necessarily the latest that openssh.org produces though.
Protecting Newbies can only go so far. There is point at which the newbie
has to get up to speed to maintain his/her system in a secure [1] state.
RHN does this quite nicely and easily.
[1] secure is defined by you as your needs and requirements will vary
with the application or situation you are managing.
_______________________________________________
Redhat-list mailing list
[EMAIL PROTECTED]
https://listman.redhat.com/mailman/listinfo/redhat-list
