On Fri, Feb 17, 2012 at 10:32:41AM +0000, Niall O Broin wrote:
> On 17 Feb 2012, at 10:00, Tom Salmon wrote:
>> > If you're worried about the integrity of your server, then may I suggest that you use the Roundcube package which is provided by your distribution from its package manager.
> >
> > The alternative would be that with the assistance of a search engine, anyone could find exploitable installations of the web app.
>> You think that using the Roundcube package which is provided by your distribution somehow protects you from security holes in the application? In fact, if you install straight from the source, you'll have quicker access to security fixes - but they'll be harder to apply.
>
It depends on how much effort you intend to put in to keeping the system up to date.
Sure, installing straight from the source gets you the latest version with all the security fixes. However patching this becomes a time-consuming manual job, and may require periodically checking for updates.
`apt-get install roundcube`
`apt-get update && apt-get upgrade`
Is a lot less work, and provided that the distribution is maintained it should patch critical security issues.
Tom.
--
Tom Salmon
http://tomsalmon.eu/
Maintained by the ILUG website team. The aim of Linux.ie is to
support and help commercial and private users of Linux in Ireland. You can
display ILUG news in your own webpages, read backend
information to find out how. Networking services kindly provided by HEAnet, server kindly donated by
Dell. Linux is a trademark of Linus Torvalds,
used with permission. No penguins were harmed in the production or maintenance
of this highly praised website. Looking for the
Indian Linux Users' Group? Try here. If you've read all this and aren't a lawyer: you should be!
