Monday, September 17, 2007

RE: [BLUG] Are source based distributions better for servers?

Steven Black wrote:
> Personally, I think source-based distributions are a step
> backward. I administer an old Solaris 8 box which at this point
> is mostly source-based.
> I build the source. I install the source. I worry about upgrades
> to the source. I use GNU Stow for package management.

I don't think I could make a blanket statement like that. If we were
talking about Slackware, yes, I'd say it's a step backwards. I wouldn't
say the same for Gentoo, however (or even FreeBSD).

> I do wonder how the source-based distributions manage security
> upgrades.

"Repackage" the upstream and make it available, same as the binary-based
distros do? Gentoo, anyways -- I can't speak for all of them as that's
the only one I use.

> When they're focused on end-users and desktop machines they don't
> need to worry as much about security upgrades. Let the end-users
> muck it out. Let them subscribe to all the important lists, and
> install the patches by hand.
> This doesn't work so well in a production environment, though.

*waits for the USSG guys to jump in*

> The big benefit of binary distros for servers is that package
> maintenance gets a lot easier. Who cares about base system
> install time? It is meaningless as it happens once. The problem
> comes when you need to perform security upgrades, and when your
> users want you to add software, and they want it fast. Worse
> still, when there's been a single major security hole fixed that
> will require relinking almost all your system with an updated
> library.

In this age of multi-core CPUs and gigabit connections, I don't think
this is as much of an issue as it used to be. I can still bring this
Gentoo box up to date quicker than I can some of our Windows servers.

> How easy would it be if you need to patch zlib or worse yet,
> libc? I know how easy it is to upgrade core libraries on
> Debian-based systems. I know how much impact it has on my users
> and how much down-time to expect. More than that, as it is an
> automated process there's little to no chance that I'll muck it
> up.

Easy enough? Can it be done as quickly as just plunking down a new
binary package? No, but it works for me. I suppose that's why we have
a choice. =)

> The ease of upgrading is the big reason I have favored
> Debian-derived systems. I'm currently administering Debian 3.1
> systems. However, at the next major system upgrade those will be
> moving to Ubuntu LTS.

I have been (was) a fan of Debian for years. The Debian Project seems
to be falling apart, however, due to all the politics. With Debian you
have your choice of rock-solid software that's a few years old, or
bleeding-edge software that can potentially (and will, eventually) hose
your system.

I'm much happier w/ RHEL.


--
Jeremy L. Gaddis
Network Administrator
Ivy Tech Community College of Indiana
812.330.6156 (w) 812.330.6212 (f)

_______________________________________________
BLUG mailing list
BLUG@linuxfan.com
http://mailman.cs.indiana.edu/mailman/listinfo/blug
