On Sun, May 3, 2009 at 2:17 PM, Lisa Kachold wrote: > Fedora 10 has to be my favorite distro this year.  It's absolutely amazing > just how easy Linux installation has become.  Setting up KDE and Gnome is > really simple to allow either.  Eclipse runs immediately from package > management install with all the plugins! > > Here's a great reference for setting up Fedora 10 Personal, with > instructions for adding repos, installing codecs, and turning off unneeded > services:      http://www.mjmwired.net/resources/mjm-fedora-f10.html > > Once you get all your codecs setup, test it with free television: > http://freetube.110mb.com/index.php?view=Ac3dmbW92aWVjaXR5 > > And the patch process actually works!  I won't give you my "coding at 300 > baud" ancient history stories, but this is the most powerful system, > incredibly created via open source submissions! > {I actually have had "discussions" with Linux admins who choose NEVER to > patch anything, believe it or not (partly because patch management was > rarely chosen over compiled sources, due to breakage and limitations)!} > > Discovery and reporting of security issues is swift, I can't imagine any way > a "profit" based company with top down hierarchical business plan management > could possibly compete with the open source model. you mean like IBM, who is responsible for the bulk of Fedora development? -jmz > Here's three security > issues reported so far: > > Fedora Directory Server before 10 allows remote attackers to obtain > sensitive information, such as the password from adm.conf via an IFRAME > element, probably involving an Apache httpd.conf configuration that orders > "allow" directives before "deny" directives. > http://www.securityspace.com/smysecure/catid.html?id=CVE-2005-3630&ctype=cve > > tog-pegasus in OpenGroup Pegasus 2.7.0 on Red Hat Enterprise Linux (RHEL) 5, > Fedora 9, and Fedora 10 does not log failed authentication attempts to the > OpenPegasus CIM server, which makes it easier for remote attackers to avoid > detection of password guessing attacks. > http://www.securityspace.com/smysecure/catid.html?id=CVE-2008-4315&ctype=cve > > ZoneMinder 1.23.3 on Fedora 10 sets the ownership of /etc/zm.conf to the > apache user account, and sets the permissions to 0600, which makes it easier > for remote attackers to modify this file by accessing it through a (1) PHP > or (2) CGI script. > http://www.securityspace.com/smysecure/catid.html?id=CVE-2008-6755&ctype=cve > > Anyone got any good suggestions for Fedora 10? > > www.obnosis.com (503)754-4452 > "Contradictions do not exist." A. Rand > > --------------------------------------------------- > PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us > To subscribe, unsubscribe, or to change your mail settings: > http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss > --------------------------------------------------- PLUG-discuss mailing list - PLUG-discuss@lists.plug.phoenix.az.us To subscribe, unsubscribe, or to change your mail settings: http://lists.PLUG.phoenix.az.us/mailman/listinfo/plug-discuss