Building your own vs. deploying OS packaged version of MIT Kerberos?
Dameon Wagner
dameon.wagner at it.ox.ac.uk
Fri May 13 11:21:52 EDT 2016
On Fri, May 13 2016 at 07:56:29 -0700, Ray Van Dolson scribbled
in "Re: Building your own vs. deploying OS packaged version of MIT Kerberos?":
> On Fri, May 13, 2016 at 10:47:09AM -0400, Tareq Alrashid wrote:
> > The new world order seem to demand some adjustments to how we do
> > things nowadays with on premise and cloud service deployment. We
> > know how many OS’es come with prebuilt versions Kerberos RHEL/OS
> > X…etc., and I am starting to ponder if efficiency could be
> > optimized if we no longer built our own Kerberos binaries from
> > downloaded MIT source, but rather just configure OS’s e.g. RHEL 7
> > version of krb5-1.13? RedHat does release security patches with
> > OS patches and that can save us some manual labor.
> >
> > Is this an obvious non-issue as which version we choose to deploy
> > or is the known philosophy, I have been following since 1999;
> > download from MIT and build on my own.
> >
> > I have my own opinion, but I also wonder what others had in mind
> >
> > Thank you,
> > Tareq
>
> I'd use vendor provided packages whenever possible, unless you have
> some very specific need to roll from source. Scales better and
> frees your time to do other, valuable things. :)
If by vendor you mean OS distributor (rather than application vendor),
then I definitely agree.
Even in cases were we need to make material changes to packages, we
tend to patch and extend the distro package (where they exist) so that
we still get the benefit of other security patches and backported
fixes, rather than going all the way upstream.
Cheers.
Dameon.
--
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
Dr. Dameon Wagner, Systems Development and Support
IT Services, University of Oxford
><> ><> ><> ><> ><> ><> ooOoo <>< <>< <>< <>< <>< <><
More information about the Kerberos
mailing list