Re: Are you guys sure about that?
On Fri, Feb 23, 2001 at 08:34:51PM -0500, MaD dUCK wrote:
> also sprach Robert Cymbala (on Fri, 23 Feb 2001 05:23:01PM -0800):
> > This question comes from LULA discussion list (linux users LA). There
> > someone writes that with Red Hat 7, ``up2date'' is equivalent to
> > apt-get update/upgrade in terms of security patches. So, switching
> > to debian doesn't necessarily mean better or easier security...
>
> well, except that debian doesn't have $$$ in their eyes and up2date
> requires a subscription for $$$ as far as i know.
That's actually a common misconception. I can't believe I'm defending
redhat, but the up2date tool has been around since 6.1, and it doesn't
cost anything. What does cost money is priority ftp access, without
which you'll be hard-pressed to find a mirror that isn't overloaded
anytime other than the wee hours of the morning.
That said, up2date is *nothing* like apt. All it does it update rpms
that you already have installed with security fixes. There is no
capability in it to automagically install packages ala apt, nor is there
no upgrade to later version option either (which debian offers through
testing and unstable). up2date is also a pretty big resource hog for
just being an updater. It also makes remote updating virtually
impossible over a slow link, as AFAIK, it is a GUI (X) only tool.
All in all, I wasn't very impressed with it, other distributions have
had similar tools for a few years now (MandrakeUpdate comes to mind),
and none of them come close the capability of apt. As to security, it's
not just tools. Debian has a pretty good record of responding to
security holes extremely quickly, while Redhat can somtimes (not always)
drag their feet a bit. Debian also sets you up *much* more secure by
default than Redhat, which last time I installed 7, managed to installed
every service that existed by default (tftp even!).
-Rob
Reply to: