Re: [fw-wiz] I cannot install Firestarter

From: Martin Peikert (
Date: 01/15/03

From: "Martin Peikert" <>
To: Firewall Wizard <>
Date: Wed Jan 15 08:45:18 2003


Chapman, Justin T wrote:
> Actually, if you sign up for RedHat's RHN service, then you can use the
Right. You have to sign up if you want to use up2date, but that service
is not free - you have to pay for that what you can get free if you use
apt. Ok, that isn't really my problem...

Last december I needed to update a box where RH7.2 was installed and
tried to use up2date for that purpose. I already knew that the version
of openssl that was installed was buggy, but up2date didn't help to
update that package to a acceptable version - the newest available was
openssl-0.9.6b. As you know, that version was known as insecure long
before december. I took the sources and built my own rpm.

If you want to use a tool that provides security and doesn't fulfill the
minimum security requirements you need - what would you do? Use that
tool and get your box rooted or ask yourself what to do in the future?

> This really isn't the place to get in to a Debian/Red Hat debate, but
> comparing rpm to apt is an apples to oranges kind of thing. Rpm is the
> format of the packages themselves (as .deb's are in Debian). Up2date is the

Since he used rpm as tool to install packages, I cannot agree. I know
that rpm is the package format...

> package management tool Red Hat uses (as apt is in Debian). Just like
> rpm's, deb files by themselves don't resolve any dependencies, you need apt
> to do that.

...but as you probably know, rpm still _is_ a tool used in RH for
package management (as Manilo did). Ok, you should not use it because it
cannot resolve dependencies, but it is a package management tool. So, I
did _not_ compare apples to oranges - I compared package management tools.

I did not want to begin a debian/redhat debate, i just gave him a hint
how to avoid the problem he had (and, of course, the problem I had using
up2date) in the future.

P.S.: Would you please learn to quote?