[clug] In Praise of Red Hat

Al MailingList alpal.mailinglist at gmail.com
Sun Jul 12 06:43:43 MDT 2009


On Fri, Jul 10, 2009 at 9:05 AM, Alex Satrapa <alexsatrapa at mac.com> wrote:
> On 10/07/2009, at 00:02 , Al MailingList wrote:
>
>> "haven't got a rogue ISO that's been maliciously attacked"? So if they
>> put an iso on their front page anyone can download, I should be
>> worried it has been hacked? I'm not sure I follow?
>
> If someone else hosts a "RedHat ISO", chances are it's dodgy. Perhaps it
> comes with a bunch of spyware and zombie processes running by default. Who
> knows. You could spend your time trying to audit the package, but who's to
> say they haven't included broken 'ps' and other tools so you'd never know
> what your installation was actually doing.
>
> What it boils down to is: don't trust people you don't know

Absolutely... but what has this got to do with whether Red Hat make
the ISO available or not? I was responding to a post that said they
(RH) didn't make the ISO freely available because they are "making
sure that you haven't got a rogue ISO that's been maliciously
attacked". What I didn't understand (and still don't) was how Red Hat
making the ISO available to one and all increased the chances of the
ISO being hacked and people downloading the hacked version.

Regardless of whether an ISO is readily available (lots of distros of
Linux) or not (Windows) or somewhere in the middle (RHEL), you should
always verify the source media. The implication was that you can't
trust something that's freely available, which IMHO is inaccurate.

