[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[ale] Web server OS

Jeff Hubbs wrote:
> First, there's no specific distinction between "updates" and
> "security updates" under Gentoo.

I have been very aware of that since the beginning of the discussion.
It is exactly what my experience tells me will create more problems than
it solves.

> There are security advisories that are issued for Gentoo packages
> regularly, but the solution is simply one of updating even if it's
> from 1.2.3 to 1.2.3-r1 (where the -rX) signifies a within-version
> change made downstream from the original code by Gentoo package
> maintainers.  Under Gentoo, the package management is more of a 
> distributed human effort that's under central oversight.

Sounds very similar to what everyone else is doing here.

> As for "z years," I guess it's one of those things like any other 
> community-based effort - when interest is lost or if the effort is 
> overcome by events (say, the advent of the HAL 9000), the effort will
>  stop.  Someday all of Linux will land in the dustbin.

I completely understand that my stated 5 years of support for Ubuntu
server can disappear at any moment.  That is a risk with anything, not
just our choice of distribution.

The important part about that 5 year support is that I have a pretty
reasonable guaranty that I'll have the same major revision of each
packaged piece of software for 5 years.  If I have servers that are
chugging away happily with the software they have installed, I'd much
prefer not to mess with it until I have to.

It takes significantly less time to test the small number of packages
that get security updates than it does to test everything that just
happens to have incremented its version number.

> You might want to look through gentoo.org yourself - specifically the
>  Social Contract (derived from Debian's) and Philosophy pages.

I don't have a problem with the idea of a distribution that is just the
newest working version of every piece of software.  I think it is a
wonderful idea, and I think it has its place.

> What I have found, having dealt with both Red Hat, its derivatives,
> and Gentoo for several years, is that when I establish a Gentoo
> machine it's for a larger purpose and once the machine's established,
> the distribution gets out of my way and lets me focus on what I was
> going to use it for; the computer and its OS become infrastructure.
> Now, this is just me and my sensibilities I'm talking about here;
> other people may find their stride elsewhere.  Part of the whole
> point of using Open Source software is finding and developing your
> own strengths as an individual and being able to pick and choose what
> you use for what and how you use it is just part of that process.

Laziness, impatience, and hubris.  I don't know how much impatience you
have, but we both seem to have enough hubris.  I think you just need to
learn more laziness :)


-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 197 bytes
Desc: OpenPGP digital signature
Url : http://mail.ale.org/pipermail/ale/attachments/20081224/799034c9/attachment.bin