>What I need is a lists of reasons, logical supportable reasons, that I could >use to convice a change of standardization. Quite literally, this will decide >what the next 50-100 systems will look like. DO they run Redhat or Debian...
How's this one: We recently had a rash of intrusions on several Linux boxes here on our campus. Of the ones I've been told about, all of them were RedHat or derivatives thereof. None of mine seem to have been broken into. Mine are all Debian. Now, we can go back and forth all day about why. In this case, however, I think the particular saving grace is Debian's "dselect" utility. You see, all of the intrusions seem to have been made via a hole in the IMAP server. This hole was patched some time ago, and was available in compiled form, I'm sure, for Debian and RedHat. However, dselect lets a Debian user say "Go get me the latest versions of everything I've got installed". I don't know if there's a package like this for RedHat. I haven't found it yet. I don't expect there to be one, since it would make it harder for RedHat to sell upgrades if you could "Click here to automatically upgrade to the latest version". So, for RedHat... the commercial entity, there's a dis-incentive for them to provide such a tool. A few people have told me you just have to keep an eye on their errata page. Now, being on the bleeding edge has its drawbacks. My co-workers sometimes get on my case for always upgrading to the latest stuff in "unstable". However, I prefer the occasional broken install to an outright security hole. I *can* say this.... since these IMAP breakins... nobody's been complaining to me about how often I upgrade the packages. - Joe
