Well, consider the alternatives for a few. My experience has been with
screen reader enabled versions of linux and covers debian; slackware, and
what's now called fedora formerly redhat. I have subscriptions to
slackware and maybe debian might do well to offer subscriptions in future
too. Fedora was the most difficult to install and reinstall of these
distros. out of the box fedora security was effectively wide open.
Another sysadmin who installed it had to turn off several servers and do
various other tightening jobs. Slackware was easier to install but of the
three distros has the least available for updating the system and security
that I've been able to find on the internet. I need to get the other
sysadmin to install a copy of slackware for out of the box security
evaluation so some comparison may be possible. Fedora's architecture back
in the redhat days broke tcp-wrappers so versions of tcp-wrappers fedora
has since installed have been broken to force them to conform with fedora.
Specifically tcpdcheck is missing as are the other tcp-wrappers utilities
so even if it is installed it's difficult to fine tune what it's doing and
monitor results of security tightening with that package. slackware seems
to be missing the full package too but that might be because I haven't
searched the right directory for tcpdcheck. debian has been the C-64 of
the Linux world because more packages are available on the net for it than
its other two competitors. That's part of what comes with this particular
territory an embarrassment of riches brings with it its own problems.
I'm sure everyone on this list is aware of the security concept of running
lean systems. That is, if six editors are available and those on the
system only use one editor it's adviseable to remove and exclude the other
five editors. Perhaps software useage profiling which offers to remove
and exclude packages already exists but it seems in a situation like this
with an embarrassment of riches using software to help keep systems lean
might go some way to helping out. I've found debian also to be the
easiest installed and reinstalled distro too for those I've tried so far
too.
On Thu, 3 Mar 2005, Benedict Verheyen wrote:
Caveman wrote:
I could not agree more. I love debian and I think its a great system,
however the whole release cycle thing is starting to become a issue.
Woody is just getting too old, even for servers. So what options do
you have ? Well you can use sarge, seems stable enough, however no
security. Thats a major issue in my mind.
I could use unstable, which I have found to be highly stable and I use
apt-listbugs with it which has not seen me deal with a breakage yet.
However the large number of updates that unstable gets (as it should)
starts to make this possess time consumming. So where does that leave
us? To me it starts to make debian far less useful. Which is very sad
as I think its the best distro I have ever used.
I understand that running a distro is very hard work, however I think
the debian people really need to look at their whole system.
Maybe there are some core issues which are causing the problem.
However from a end user point of view its annoying.
Hopefully its something that can be sorted out soon, before people
start using other distros.
Caveman
I don't think people would be so sensitive about the release cycle if the
alternatives where explained and documented better.
If you use woody and make your own/use backports then i really isn't an issue
because you're running a stable tested system with the latest software.
But as i said, there should be good documentation on how to backport so
people can do it themselves. This is also the way to go for security because
you take a risk installing somebody elses backports.
Off course when the release cycle would continue to grow, then we have a more
fundamental problem.
Regards,
Benedict
--
Benedict Verheyen Debian User
http://www.heimdallitservices.be Public Key 0x712CBB8D
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED] with a subject
of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
--
To UNSUBSCRIBE, email to [EMAIL PROTECTED]
with a subject of "unsubscribe". Trouble? Contact [EMAIL PROTECTED]
