From mboxrd@z Thu Jan  1 00:00:00 1970
Received: from lists.gentoo.org ([140.105.134.102] helo=robin.gentoo.org)
	by nuthatch.gentoo.org with esmtp (Exim 4.62)
	(envelope-from <gentoo-server+bounces-2794-garchives=archives.gentoo.org@gentoo.org>)
	id 1Hq8wD-0006S0-Km
	for garchives@archives.gentoo.org; Mon, 21 May 2007 14:32:42 +0000
Received: from robin.gentoo.org (localhost [127.0.0.1])
	by robin.gentoo.org (8.14.0/8.14.0) with SMTP id l4LEW7tL008390;
	Mon, 21 May 2007 14:32:07 GMT
Received: from mail.4L.ie (mail.4L.ie [193.27.1.25])
	by robin.gentoo.org (8.14.0/8.14.0) with ESMTP id l4LEUBwB006053
	for <gentoo-server@lists.gentoo.org>; Mon, 21 May 2007 14:30:12 GMT
Received: from oook.4L.ie (host86-140-171-94.range86-140.btcentralplus.com [86.140.171.94])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client CN "oook.4L.ie", Issuer "CA Cert Signing Authority" (verified OK))
	by mail.4L.ie (Postfix) with ESMTP id 9C4BE17828
	for <gentoo-server@lists.gentoo.org>; Mon, 21 May 2007 15:30:11 +0100 (BST)
Received: from office.4L (office.4L [192.168.1.106])
	(using TLSv1 with cipher DHE-RSA-AES256-SHA (256/256 bits))
	(Client did not present a certificate)
	by oook.4L.ie (Postfix) with ESMTP id 80DC12F4E
	for <gentoo-server@lists.gentoo.org>; Mon, 21 May 2007 15:30:10 +0100 (BST)
Date: Mon, 21 May 2007 15:30:10 +0100 (BST)
From: Ronan Mullally <ronan@iol.ie>
X-X-Sender: ronan@office.4L
To: gentoo-server@lists.gentoo.org
Subject: Re: [gentoo-server] Best practices in managing large server groups
In-Reply-To: <200705211544.10900.bangert@gentoo.org>
Message-ID: <Pine.LNX.4.64.0705211525330.9909@office.4L>
References: <4650937E.80301@spamcop.net> <4650BCC7.60909@vanalteren.nl>
 <Pine.LNX.4.64.0705210945560.9909@office.4L> <200705211544.10900.bangert@gentoo.org>
Precedence: bulk
List-Post: <mailto:gentoo-server@lists.gentoo.org>
List-Help: <mailto:gentoo-server+help@gentoo.org>
List-Unsubscribe: <mailto:gentoo-server+unsubscribe@gentoo.org>
List-Subscribe: <mailto:gentoo-server+subscribe@gentoo.org>
List-Id: Gentoo Linux mail <gentoo-server.gentoo.org>
X-BeenThere: gentoo-server@gentoo.org
Reply-to: gentoo-server@lists.gentoo.org
MIME-Version: 1.0
Content-Type: TEXT/PLAIN; charset=US-ASCII
X-Archives-Salt: ff0afaeb-7c53-42d7-82f9-0d81526ec7ba
X-Archives-Hash: 2b0a4f3e953b0418c553218c28fce0dd

On Mon, 21 May 2007, Thilo Bangert wrote:

> > I've held off on using Gentoo in larger deployments because the idea of
> > putting a C compiler on a production box is just silly.
>
> why?
>
> some production quality software _requires_ a compiler to run.
> http://varnish.projects.linpro.no/wiki/FAQ

As do many rootkits.  If somebody gets local access to a server with a
suite of development tools they're well on their way to rooting the box.
Removing these tools is simply a good example of security in depth.


-Ronan
-- 
gentoo-server@gentoo.org mailing list