Hi Jonathan
> On Tue, 30 Nov 2004 12:50:39 +0000 (UTC), Aaron Sloman
> <A.Sloman@cs.bham.ac.uk> wrote:
> ......
> >
> >It seems that linux vendors are now trying to package linux to be as
> >much like windows as possible and most windows users do not compile
> >or link anything???
>
> It's in part, I think, a security thing. If you are running a
> secure server, then naturally you spend every waking minute
> thinking about security vulnerabilities and installing patches
> the very second they are released.
In the case of SuSe it seems the developers think that they can provide
pre-compiled versions of everything their users will want (via
their stupidly named tool 'YAST' -- how many novice users will
recognize that that's what they need to help configure their system?
I failed that test when I tried SuSe 9.1!).
There's some discussion of the issue here
http://www.linuxquestions.org/questions/history/243814
though I have not looked very closely.
> If, OTOH, you have a life, you may not *always* install updates
> and fixes instantly.
Another issue I have is that when I install a new linux (which I don't
do very often) there are things I like to use that come in source form
with utilities that enable them to be compiled easily on the platform
where they are going to be used, including, for instance, ctwm, tgif,
antiword, xdaliclock, xvidcap, lame, mpg123, and others.
On my laptop I had to upgrade the kernel in order to get SWSUSP
(software suspend) to work properly, which is almost indispensable for
me.
So, in my experience, the majority of uses of gcc are for installing
useful packages not for updates and fixes.
> If a hacker *does* get in, through, say, a
> buffer overflow exploit in one of your "visible" services (and a
> firewall is not going to save you) then they can do far less
> damage, or it is harder, if they are unable to compile source
> code.
Fortunately my firewall has proved very resistant for three years.
(One of the services now needs to be upgraded.)
> It's a general principle for security: don't run or install anything
> which isn't needed
Well, I could sit all day looking at pretty pictures on the screen, I
suppose...
> - it's another security risk. Most people
> running servers/doing wordprocessing etc. don't need to compile
> code.
Even if that is true of 'most' people, I find it strange that SuSe do
not give you an option during custom installation to select 'developer
tools' or some such thing.
> On the OpenPoplog "todo" list is a task to make standard binary
> packages for the common distros, so that recompilation is not
> necessary.
Who will decide which the common distros are? Someone who wants
something as unusual as poplog may also be the sort of person who
wants an unusual version of the operating system for some reason.
While I applaud the intention to provide packaged versions that work,
I suspect that will never cover all the requirements.
I switched from providing a packaged version of Poplog to relinking on
installation, partly because that coped better with changes in operating
systems, and partly because it made the Poplog tar file smaller.
But that is defeated by linux installations that don't include gcc!
Aaron