From: Jon Bendtsen (jon+vserver_at_silicide.dk)
Date: Wed 27 Aug 2003 - 14:33:01 BST
Kris Boulez wrote:
> On Mon, 2003-08-25 at 13:27, Rus Foster wrote:
>>On Mon, 25 Aug 2003, Allen Parker wrote:
>>>If you guys need a mirror, I'd be happy to provide anon-rsync, anon-ftp, and
>>>http access to the diskimages.
>>OK First copy of the files are at http://www.jvds.com/vserver. I'm just
>>finishing up the other images
> First of all, let me say that I find this a good idea.
> I do have a question though from a security point. How are these images
> created ? Are there any scripts used we can examine/run ourselves ?
This is a basic problem, but let me ask you another...
Do you personaly check the patches for the linux kernel that Jaques
makes? Are you familiar with the history of how ken tompson? got a
backdoor into gcc? The point i am making is that you cant _TRUST_
everything, but at some point you have to trust someone to get a
computer, to get software, to get ...
That aside, if you want to run a debian vserver, (not neasesarely in the
root server), then paul.allen.com? or something has a script called
debian-newserver.sh, that creates everything from a debian mirror.
(or so it appears, so i trust that it does get it from a mirror).
Besides, what good is a vserver, the "root server" is MUCH more valuable.