Re: ISP asking about switching to Debian from OpenBSD
On Tue, Nov 20, 2001 at 01:28:36PM -0600, David Batey wrote:
> STABILITY: is Debian a good choice for heavy lifting?
There are some legit concerns regarding the Linux kernel as opposed to
the *BSD kernels as far as heavy lifting goes, but if you're considering
Debian, then you probably feel that those concerns are addressed to your
satisfaction. As far as distributions go, Debian's packaging quality is
very high, and if you go with stable that's exactly what you get:
> I know
> about apt-get for easy installation of bug/security patches; does
> the ease-of-install ever compromise security or functionality?
Not in my experience. If you setup apt to use the Debian security
source in addition to the main apt sources, you get painless and
(potentially) automatic security updates. For example, I have a cron
that automatically checks for security updates and downloads them
nightly, and mails the result. Usually I find out about security
uploads before debian-security does.
> OpenBSD is pretty secure; how does Debian compare? Is Woody ready
> for prime-time yet? (If not, would an upgrade from potato to
> woody likely cause hiccups?)
If you setup Debian in a secure fashion (ie, install what you need, run
what you need), then you'll be about as secure as OpenBSD. Many of the
bugs that OpenBSD finds in their excellent code auditing get propagated
Personally, I wouldn't run woody on a server, however I willingly make
the tradeoff between newer versions of packages and stability. I have
been running woody on my desktop and laptop for a couple of months, and
have had very little trouble.
An upgrade from potato to woody should be fairly painless (although, you
probably wouldn't want to do it while your server was going at full
> FUNCTIONALITY: We need DNS server packages, ssh (with ssh
> tunneling available for other services), smtp/pop, web-based
> scheduling/claendaring/email facilities, HTTP (apache/mod_perl)
> servers, and so on...
Debian ships with OpenSSH by default, although the commercial version is
available. You have your choice of pre-packaged MTAs: sendmail, exim,
postfix (my current favorite), and POP servers (uw, cyrus, courier). I
tend to not use the pre-packaged apache in production situations, but
that's because I tend to have special needs, and it's easier to just
build my own. The Debian pre-packaged one is great for prototyping
stuff, though, 'cause it's built in a very generic fashion, with lots of
modules ready to go.
> Any input is welcome -- both pro and con, of course.
Debian has required the least amount of admin effort of any Unix I've
adminned (Redhat, FreeBSD, Solaris).
> And please CC: me directly, as I'm not on the list (yet -- but
> you might help change that :).
If you do decide to go with Debian, the lists are a good place to get
help or advice. There are more specialized lists than debian-user,
however, that might be able to provide more assitance (like
debian-firewall, or debian-isp). See lists.debian.org for details.