[SunHELP] Solaris web/mail server
Dale Ghent
daleg at elemental.org
Sun Mar 6 21:41:03 CST 2005
On Mar 6, 2005, at 2:16 PM, Matthew Weigel wrote:
> On 6 Mar, 2005, at 4:07 AM, Dale Ghent wrote:
>
>> Unless you have the need for a certain authentication mechanism that
>> sun's ssh doesn't support, why bother forcing yourself to maintain
>> something when it really isn't necessary ?
>
> Well, either way it's necessary - whichever one you go with, you have
> to track that stream for security updates. Found some interesting
> commentary on another list's archives about it:
>
> http://sunportal.sunmanagers.org/pipermail/summaries/2003-March/
> 003368.html
Sure, we can ditch any of the free software that Sun provides a variant
of (example: Sun SSH, Sun Sendmail) but you must ask yourself if it is
worth the extra hassle.
I've been paying attention to Sun's performance with updating Sun SSH
(in Solaris 9) after a vulnerability in OpenSSH becomes known. I have
yet to see Sun sit on a known vulnerability for more than a few days
before they release a patch for ssh/sshd.
So...
Given the wide scope of my job and the many things I do, downloading,
compiling, and testing OpenSSH would probably happen with the same time
frame as Sun's. Unless I need a special mechanism (such as S/KEY) that
Sun's SSH does not support, I see no need to add Yet Another Package To
Recompile And Test to my list of things to do when all I need to do is
download and install the Sun SSH patch.
Sendmail, however, is a different story. I require some functional
additions that Sun's Sendmail does not have. Thus, I roll my own
version.
/dale
More information about the SunHELP
mailing list