Re: Woody or Sarge

From: Adi Linden (adil_at_adis.on.ca)
Date: 10/05/04

    Date: Mon, 4 Oct 2004 23:53:40 -0500 (CDT)
    To: Paul Johnson <baloo@ursine.dyndns.org>
    
    

    > If you're satisfied with the existing feature set, are new features
    > really anywhere near as important as security fixes? Particularly
    > when it comes to production servers?

    New features aren't important at all. It is all about maintaining the
    current state of a server while keeping it secure on a hostile network.
    And with the least amount of effort, where security updates do not break
    anything...

    > No kidding. There's one person on the Portland Linux User's Group
    > mailing list saying he's just had his up-to-date Red Hat server
    > compromised as many times as the Windows server it's replacing. That
    > just has to be exasperating for him!

    RedHat has been a frustrating experience. I put a lot of effort into
    building a few rpms for RedHat 7.1 that met some very specific needs. Also
    created a kickstart CD that loaded 'my' version of RedHat 7.1 onto
    headless servers without user intervention. When the CD popped out the box
    was accessible via ssh on the local network. So RedHat pumped out a bunch
    of releases in fairly quick succession. RedHat 8 was never fit for
    production use, IMHO. When RedHat 9 was released I was still deploying new
    servers using RedHat 7.2. Then updates for anything but RedHat Enterprise
    Linux quickly vanished. My BIG issue is the short-lived support in terms
    of security updates. Having to reinstall a server after 18 months is
    totally unacceptable.

    > Not long after the next Stable happens, because it's not hard to
    > upgrade in Debian. 18 months seems about average, IIRC.

    This means that for longest possible support I should be looking at
    deploying Sarge, not Woody. How timely are security issues addressed in
    Sarge?

    Adi
