[plug] Version 2.0 of Novell Evolution to be integrated with Exchange Connector

Bernd Felsche bernie at innovative.iinet.net.au
Thu May 13 11:20:17 WST 2004


On Thursday 13 May 2004 10:41, Shayne O'Neill wrote:
> On Wed, 12 May 2004, Bernd Felsche wrote:
> > On Wednesday 12 May 2004 21:21, Chris Caston wrote:
> > > Open Source! Party on!

> > Just read the download instructions, and I'm SCARED!
> >
> > http://www.novell.com/products/evolution/download.html
> >
> > 	Open a terminal window.
> > 	Using the su command, become superuser (root).
> > 	Type the following command or cut and paste it into your terminal:
> > 	wget -q -O - http://go.ximian.com |sh

> > You DEFINITELY don't want to do that on a production box.

> not that you would be running evolution at all on a server.

Server? Who said anything about a server?
And maybe you do if you have diskless clients using that server.

> it would presume x11

Any _production_ box (and those connected to it) can be easily
compromised if you let just anybody execute arbitrary instructions
as root on that machine.

Not only do you put your production environment at risk, you also
open up your network to the whole world. It totally defeats and
potentially bypasses just about all firewalling measures. The
instructions invite you to browse the Internet as the root user.

The "convenience" doesn't outweigh the potential risks.

I have enough problems with root permissions when I'm at the
keyboard.

Download the rpms manually, check the checksums against a trusted
source and install manually if it appears kosher.

-- 
/"\ Bernd Felsche - Innovative Reckoning, Perth, Western Australia
\ /  ASCII ribbon campaign | I'm a .signature virus!
 X   against HTML mail     | Copy me into your ~/.signature
/ \  and postings          | to help me spread!





More information about the plug mailing list