[37504] in Kerberos
Re: Building your own vs. deploying OS packaged version of MIT
daemon@ATHENA.MIT.EDU (Dameon Wagner)
Fri May 13 11:23:04 2016
Date: Fri, 13 May 2016 16:21:52 +0100
From: Dameon Wagner <dameon.wagner@it.ox.ac.uk>
To: kerberos@mit.edu
Message-ID: <20160513152152.GG30993@maia.oucs.ox.ac.uk>
MIME-Version: 1.0
Content-Disposition: inline
In-Reply-To: <20160513145629.GA15827@esri.com>
Content-Type: text/plain; charset="utf-8"
Errors-To: kerberos-bounces@mit.edu
Content-Transfer-Encoding: 8bit
On Fri, May 13 2016 at 07:56:29 -0700, Ray Van Dolson scribbled
in "Re: Building your own vs. deploying OS packaged version of MIT Kerberos?":
> On Fri, May 13, 2016 at 10:47:09AM -0400, Tareq Alrashid wrote:
> > The new world order seem to demand some adjustments to how we do
> > things nowadays with on premise and cloud service deployment. We
> > know how many OS’es come with prebuilt versions Kerberos RHEL/OS
> > X…etc., and I am starting to ponder if efficiency could be
> > optimized if we no longer built our own Kerberos binaries from
> > downloaded MIT source, but rather just configure OS’s e.g. RHEL 7
> > version of krb5-1.13? RedHat does release security patches with
> > OS patches and that can save us some manual labor.
> >
> > Is this an obvious non-issue as which version we choose to deploy
> > or is the known philosophy, I have been following since 1999;
> > download from MIT and build on my own.
> >
> > I have my own opinion, but I also wonder what others had in mind
> >
> > Thank you,
> > Tareq
>
> I'd use vendor provided packages whenever possible, unless you have
> some very specific need to roll from source. Scales better and
> frees your time to do other, valuable things. :)
If by vendor you mean OS distributor (rather than application vendor),
then I definitely agree.
Even in cases were we need to make material changes to packages, we
tend to patch and extend the distro package (where they exist) so that
we still get the benefit of other security patches and backported
fixes, rather than going all the way upstream.
Cheers.
Dameon.
--
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Systems Development and Support
IT Services, University of Oxford
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
________________________________________________
Kerberos mailing list Kerberos@mit.edu
https://mailman.mit.edu/mailman/listinfo/kerberos
