Building your own vs. deploying OS packaged version of MIT Kerberos?

[Sean Elble]

On 13.05.2016 10:47, Tareq Alrashid wrote:
> The new world order seem to demand some adjustments to how we do
> things nowadays with on premise and cloud service deployment.  We know
> how many OS’es come with prebuilt versions Kerberos RHEL/OS
> X…etc.,  and I am starting to ponder if efficiency could be
> optimized if we no longer built our own Kerberos binaries from
> downloaded MIT source, but rather just configure OS’s e.g. RHEL 7
> version of krb5-1.13?  RedHat does release security patches with OS
> patches and that can save us some manual labor.

As someone who *always* used to build my own versions of packages, my 
philosophy for the last ten years or so has been to use the 
distribution-provided packages unless you have a *really* good reason to 
build them yourself.  Red Hat, Debian, etc. can dedicate a lot more time 
to tracking, patching, and testing bugs and security holes than most 
people (certainly myself) can.

> 
> Is this an obvious non-issue as which version we choose to deploy or
> is the known philosophy, I have been following since 1999; download
> from MIT and build on my own.

For me, the only reason I'd go with building my own would be to 
standardize on a given version across platforms.  That, or if you needed 
special compile time options that a distribution doesn't compile with, 
but that's exceedingly rare, I think.

> 
> I have my own opinion, but I also wonder what others had in mind
> 
> Thank you,
> Tareq
> ________________________________________________
> Kerberos mailing list           Kerberos at mit.edu
> https://mailman.mit.edu/mailman/listinfo/kerberos