Considering Debian (currently using Red Hat)
Hi Everyone,
I'd like to get some of your thoughts on a few things relating to the
possibility of our company switching distributions from Red Hat to
Debian. As most folks already know, Red Hat has drastically changed
their strategy, and we ultimately must make *some* relatively drastic
changes no matter what. And, we intend not to switch to RHEL (though
not for financial reasons). This gives us the opportunity, welcome or
not, to consider other distributions. And even other OS's -- we're
frankly not closed to the idea of ultimately switching platforms
entirely to BSD or Solaris. So with this in mind,
1.) One of the biggest reasons we went with Red Hat many years ago was
RPM. Of course I know that Debian has a package system, and there're
constant arguments about which is better, if either. What I wonder,
though, is how they compare for the purposes of security checking. On a
Red Hat system, practically any file or directory outside of /home can
be found within the RPM database. We can check each and every file, its
MD5 hash, etc. It's like having a built-in Tripwire installation so
long as you trust the RPM database. We've modified the RPM installation
such that we can trust it more than we trust Tripwire. Do Debian
packages have similar security built-in?
2.) A related reason we used Red Hat was that practically anything you
could want to use was pre-packaged in a simple to install RPM. And they
were typically pretty high quality RPM's, and very often well
maintained. Do admins typically find that they're able to find Debian
packages for most software they're typically interested in using? I
realise this varries greatly between markets, but I guess what I'm
asking is do you usually find 70% of the packages you're interested in
in Debian package format, and well maintained? 80%? Just a general idea.
3.) I read quite a bit of the Web site, and see that in general,
releases seem to be very far and few between. This is advantageous to
ISP's, of course, because we want things to just "work". Is my
perception correct in that releases are far apart? When is the next
release expected? How significant is the difference from, say, 3.0 and
3.1. Can you just install a bunch of packages and call it an upgrade,
or do you have to go through a whole ordeal as you do between Red Hat .X
versions?
4.) How long are previous versions maintainaned with patches and such?
Or to restate this, how long after a new version is released are you
FORCED to upgrade in order to maintain security? How drastic are the
changes in between minor version increments (say, 3.0 to 3.1)? For
example, Red Hat has tended to make significant kernel upgrades and
glibc upgrades in minor version changes, and has caused significant
incompatibilities that have caught us by surprise.
5.) Of course we'll be testing it extensively ourselves, but what would
you say the most significant differences, both from a user and an admin
perspective, are between Debian and <Brand X> Linux? Or, maybe better
stated, why Debian? I know that's a religeously charged question, but
at the moment our only position is "not RHL." We're open to being
converted ;-)
6.) And finally, if you care to toss in any ideas or info, I'm very
glad and excited to hear it. For instance, if you were going to switch
all your systems within the next year, would you choose something else?
A BSD port? Go back to Solaris? Novell? SCO? Just kidding.
Thanks very much!
-Fred Whipple
Reply to: