Re: Versioning system
From: David Schwartz (davids_at_webmaster.com)
Date: Sat, 5 Jun 2004 19:41:28 -0700
> * I know CVS and subversion are used in production system, but these
> production system genrallyhave automated backup systems, and the
> apache is configured by someone who know security, read bugtrack and
> patch whenever necessary.
Every production system that is accessible from a public network should
have automated backup systems, by configured by someone who knows security,
and should have all security patches applied by vigilant administrators.
> I won't do that.
Hey, fine, if you don't care about security, then don't follow security
practices. But then don't complain that your system isn't secure. The
techniques you have rejected are the *ONLY* ones that result in good
> * I don't really know the difference between OpenSSL and OpenSSH. All
> i know is that i don't want a ssh server listenin to the internet.
Why? What is the particular threat you are worried about? It's
impossible to understand your requirements.
If your requirement is, "I want a secure, reliable system but I won't do
backups, learn enough about security to competently cofigure it, or patch
it, or hire someone to do these things", then the answer is, sorry. You
can't be a concert piano player without decades of lessons and practice.
That's what it takes to get to that.