
Considering Debian (currently using Red Hat)

Hi Everyone,

I'd like to get some of your thoughts on a few things relating to the possibility of our company switching distributions from Red Hat to Debian. As most folks already know, Red Hat has drastically changed their strategy, and we ultimately must make *some* relatively drastic changes no matter what. And, we intend not to switch to RHEL (though not for financial reasons). This gives us the opportunity, welcome or not, to consider other distributions. And even other OS's -- we're frankly not closed to the idea of ultimately switching platforms entirely to BSD or Solaris. So with this in mind,

1.) One of the biggest reasons we went with Red Hat many years ago was RPM. Of course I know that Debian has a package system, and there're constant arguments about which is better, if either. What I wonder, though, is how they compare for the purposes of security checking. On a Red Hat system, practically any file or directory outside of /home can be found within the RPM database. We can check each and every file, its MD5 hash, etc. It's like having a built-in Tripwire installation so long as you trust the RPM database. We've modified the RPM installation such that we can trust it more than we trust Tripwire. Do Debian packages have similar security built-in?

2.) A related reason we used Red Hat was that practically anything you could want to use was pre-packaged in a simple to install RPM. And they were typically pretty high quality RPM's, and very often well maintained. Do admins typically find that they're able to find Debian packages for most software they're typically interested in using? I realise this varies greatly between markets, but I guess what I'm asking is do you usually find 70% of the packages you're interested in in Debian package format, and well maintained? 80%? Just a general idea.

3.) I read quite a bit of the Web site, and see that in general, releases seem to be very far and few between. This is advantageous to ISP's, of course, because we want things to just "work". Is my perception correct in that releases are far apart? When is the next release expected? How significant is the difference between, say, 3.0 and 3.1? Can you just install a bunch of packages and call it an upgrade, or do you have to go through a whole ordeal as you do between Red Hat .X versions?

4.) How long are previous versions maintained with patches and such? Or to restate this, how long after a new version is released are you FORCED to upgrade in order to maintain security? How drastic are the changes in between minor version increments (say, 3.0 to 3.1)? For example, Red Hat has tended to make significant kernel upgrades and glibc upgrades in minor version changes, and has caused significant incompatibilities that have caught us by surprise.

5.) Of course we'll be testing it extensively ourselves, but what would you say the most significant differences, both from a user and an admin perspective, are between Debian and <Brand X> Linux? Or, maybe better stated, why Debian? I know that's a religiously charged question, but at the moment our only position is "not RHL." We're open to being converted ;-)

6.) And finally, if you care to toss in any ideas or info, I'm very glad and excited to hear it. For instance, if you were going to switch all your systems within the next year, would you choose something else? A BSD port? Go back to Solaris? Novell? SCO? Just kidding.

Thanks very much!

   -Fred Whipple
