
Re: DEBIAN or REDHAT ?



On Thu, 26 Feb 1998, Ossama Othman wrote:

> I am currently using hamm and am very happy with it.  I will be
> installing a new Linux system soon but everyone is telling me to
> install RedHat 5.  Has anyone any opinions on this?  I tend to be
> partial to Debian, especially with GNOME being integrated into hamm.
> However, I've never used Redhat.

i'd say stick with what you already know and like.  RH isn't as nicely
integrated a system as debian is, and RH5 is from all reports i've read,
quite buggy - even when compared to the hamm pre-release. they rushed it
out the door before it was ready.

I can't see that switching to RH5 would gain you anything.  There's
nothing in RH5 that isn't in hamm....in fact, hamm has a lot more
packages available for it and is (almost) pure libc6, whereas RH5 is a
mixture of libc5 and libc6 packages.

debian isn't perfect (nothing is :), but if you're used to debian and
like the way it works then you will probably find RH to be clumsy,
frustrating and annoying.

BTW, redhat are committed to gnome too - because RH are commercial they
can't even distribute a working KDE (because of the Qt license problems)
so they don't really have any choice.  They're putting a lot of energy
into supporting the gnome project.

> Also, I've been advised that RedHat puts out security fixes the next
> day after a CERT advisory is released.  How is Debian when it comes to
> security and other patches?

RH doesn't always come out with a fix the next day.  Neither does debian.
Both RH & Debian tend to be very prompt with security fixes - we both
see good security as being vital.  From what i've seen on the security
lists, sometimes RH beats debian with a released patch, sometimes debian
beats RH....it works out about even.  It's not really a race, anyway -
all linux dists that i know of share their security patches around.

> When I was using bo, patches weren't released very often.  Is this
> an indication that RedHat is more buggy, or is it an indication that
> Debian is more stable?

my guess is that it's a combination of things:

1. you probably weren't looking in the right place. as someone else
pointed out, the fix for ssh was released within a few days of the bug
being discovered. ssh is crypto and therefore a dangerous munition...it
can't be exported from the US so you won't find it on any of debian's US
ftp servers.  You can only find it in the free world - non-us.debian.org
or mirrors.

2. security fixes are announced on debian's web page.  Look for the
security link on http://www.debian.org/

3. bo is an anomaly.  or more precisely, the upgrade to hamm is an anomaly
because it has taken so long and is such a big change.  In the past we have
been able to advise users to just upgrade individual packages to the version
in 'unstable'.  We haven't been able to do that this time around because the
stable release (bo) and unstable (hamm) are based on different versions of
the libc.  Upgrading any individual package to the version in hamm
requires upgrading the entire system to hamm.

The procedure for doing this upgrade is quite well documented now (and
there's even a script to do it automatically) but it's still a lot of
work just to get one package upgraded.

Fortunately, once hamm is released (code freeze is scheduled for
mid-late march!), users will be able to easily upgrade any individual package to
the 'unstable' version, so we'll be back to "normal".


> For example, when the CERT advisory for SSH-AGENT was released over
> a week ago, one of the OSes that responded to the CERT advisory was
> RedHat.  Much to my dismay, Debian wasn't one of the OSes that was
> mentioned on the CERT list.  I ended up compiling SSH on my own.

sometimes they mention debian, sometimes they don't. ditto for redhat
and slackware and other distributions. ditto for other unixes too.

quite often, security problems on other unixes or other distributions
aren't a problem on debian - either because we already fixed it or
because the problem is only exploitable in specific environments.


craig

--
craig sanders

