[ale] Would you get Redhat Tomcat from Redhat or Apache?

Neal Rhodes neal at mnopltd.com
Fri Aug 16 16:45:16 EDT 2013


Thanks for all the replies. 

Perhaps a thread that seemed to run through it is that there is a
difference between: 

* Aiming for best security (by using Redhat and applying patches) but maybe
  more challenge with VA scan.
* Aiming to pass the quarterly VA Scan (by loading the most current Apache
  version a week before the scan and not doing any security patches for 3
  months).
* Aiming to pass a PCI audit.

Neal Rhodes
MNOP Ltd


On Mon, 2013-08-12 at 20:54 -0400, Wolf Halton wrote:

> If you have to be PCI-compliant, Redhat is probably the vendor you
> want the auditors to see here.
> RedHat is always behind all the upstream projects.
> 
> If you have more than a handful of servers, homogenize your servers as
> much as you can.  Hand-rolled source is great for test boxes, but
> impossible to maintain at scale.
> 
> Wolf Halton
> --
> http://wolfhalton.info 
> Apache developer:
> wolfhalton at apache.org
> 
> 
> On Aug 12, 2013 2:26 PM, "Jim Kinney" <jim.kinney at gmail.com> wrote:
> 
>         RHEL Tomcat will work just fine with Oracle JDK. You just have
>         to do the alternatives song-n-dance to make it the default. So
>         install the OpenJDK AND Oracle and make sure you block further
>         updates to OpenJDK in yum/RHN. Be ready to unblock if a
>         security patch for tomcat calls for an updated tomcat which
>         will then force the OpenJDK to update and likely force
>         alternatives back to openJDK from Oracle.
>         
>         
>         
>         Good luck getting a Non-RedHat vendor to code with OpenJDK.
>         
>         
>         
>         
>         On Mon, Aug 12, 2013 at 1:47 PM, James Sumners
>         <james.sumners at gmail.com> wrote:
>         
>                 My problem with the RH provided Tomcat is it depends
>                 on OpenJDK. If
>                 you have to worry about support from an application
>                 vendor (not RH),
>                 then they are likely requiring the Oracle JDK.
>                 Additionally, the last
>                 time I tried to get the Tomcat native libraries to
>                 work with RH's
>                 package it was a no-go (had to use the JBoss repos
>                 which I don't have
>                 license for).
>                 
>                 I do not, however, compile Tomcat from source for my
>                 servers. I use
>                 the binary packages available from Apache.
>                 
>                 
>                 On Mon, Aug 12, 2013 at 12:40 PM, Neal Rhodes
>                 <neal at mnopltd.com> wrote:
>                 
>                 > Trying to get back on A topic which relates to linux....
>                 >
>                 > If you were charged with putting up a secure internal Web Services framework
>                 > on RedHat Enterprise Linux 6.4 for a financial application, would you:
>                 >
>                 > "yum install tomcat6"
>                 >
>                 > or,
>                 >
>                 > go to Apache.org, download the sources, compile, and pray.
>                 >
>                 >
>                 > No, this is not a trick question.    I've always just used the tested
>                 > supplied Redhat version which "just works".  But there are apparently other
>                 > opinions, just trying to figure out if they are crazy.
>                 >
>                 > Neal Rhodes
>                 > MNOP Ltd
>                 >
>                 
>                 > _______________________________________________
>                 > Ale mailing list
>                 > Ale at ale.org
>                 > http://mail.ale.org/mailman/listinfo/ale
>                 > See JOBS, ANNOUNCE and SCHOOLS lists at
>                 > http://mail.ale.org/mailman/listinfo
>                 >
>                 
>                 
>                 
>                 --
>                 
>                 
>                 James Sumners
>                 http://james.roomfullofmirrors.com/
>                 
>                 "All governments suffer a recurring problem: Power
>                 attracts
>                 pathological personalities. It is not that power
>                 corrupts but that it
>                 is magnetic to the corruptible. Such people have a
>                 tendency to become
>                 drunk on violence, a condition to which they are
>                 quickly addicted."
>                 
>                 Missionaria Protectiva, Text QIV (decto)
>                 CH:D 59
>                 
>                 
>         
>         
>         
>         
>         -- 
>         James P. Kinney III
>         
>         Every time you stop a school, you will have to build a jail.
>         What you gain at one end you lose at the other. It's like
>         feeding a dog on his own tail. It won't fatten the dog.
>         - Speech 11/23/1900 Mark Twain
>         
>         http://heretothereideas.blogspot.com/
>         
>         
>         
>         
> 


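Added example, not part of the thread: a check for the drift Jim Kinney's reply describes, where an update leaves `alternatives` pointing back at OpenJDK instead of the Oracle JDK. The sample command output, JDK paths and function names are constructed assumptions; on a live RHEL host the inputs would come from `alternatives --display java` and `/etc/yum.conf`.

```shell
#!/bin/sh
# Added example: report when the java alternative has drifted away from the
# expected JDK, and whether OpenJDK updates are currently excluded in yum.

# Constructed sample of `alternatives --display java` output (paths assumed).
SAMPLE_DISPLAY='java - status is auto.
 link currently points to /usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java
/usr/lib/jvm/jre-1.6.0-openjdk.x86_64/bin/java - priority 16000
/usr/java/jdk1.7.0_25/bin/java - priority 1700'

# Constructed sample of /etc/yum.conf.
SAMPLE_YUM_CONF='[main]
cachedir=/var/cache/yum
exclude=java-1.6.0-openjdk* kernel-debug*'

# Print the binary the java alternative currently resolves to.
current_java() {
    printf '%s\n' "$1" | sed -n 's/^ *link currently points to //p'
}

# Print "auto" or "manual". In auto mode the highest-priority JDK wins,
# so a package update can silently change the default.
alt_mode() {
    printf '%s\n' "$1" | sed -n 's/^java - status is \([a-z]*\)\.$/\1/p'
}

# Succeed if the yum.conf text excludes OpenJDK packages from updates.
openjdk_excluded() {
    printf '%s\n' "$1" | grep -Eq '^exclude=.*java-[0-9.]+-openjdk'
}

# $1 = display output, $2 = yum.conf text, $3 = expected JDK path prefix.
# Returns 1 on drift or auto mode so it can gate a post-update job.
check_jdk() {
    chk_status=0
    chk_cur=$(current_java "$1")
    case "$chk_cur" in
        "$3"*) echo "OK: java -> $chk_cur" ;;
        *)     echo "DRIFT: java -> $chk_cur (expected under $3)"; chk_status=1 ;;
    esac
    [ "$(alt_mode "$1")" = manual ] || { echo "WARN: alternatives is in auto mode"; chk_status=1; }
    # An exclude also holds back OpenJDK security fixes, so surface it for review.
    if openjdk_excluded "$2"; then echo "NOTE: OpenJDK excluded from yum updates"; fi
    return $chk_status
}

# Demonstration on the constructed samples.
check_jdk "$SAMPLE_DISPLAY" "$SAMPLE_YUM_CONF" /usr/java/ || true
```
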