Thank you all, Yosi, Tzafrir, Oleg, Ira, Chen, and Izar.
To say that now I'm less confused than before, will not be correct,
but I'll try to use your generous responses to make decisions.
Anyway, some notes:
> "Mandrake also wins (hands down) the "easiest distribution to break
> into remotely" and "easiest distribution to break into locally",
> having finally released 8 fixes for very severe security bugs in 7.1
Oh, I read that quotation when it was published. It is a simple
statistics-based interpretation, and not something fair to base
judgement on. These 8 vulnerabilities were not Mandrake's (but
shared for all the Linuxes), and most of them are not dangerous for
people with the "paranoid" configuration mode. In any case, being
paranoid and publishing as many security patches as you can,
doesn't make you a worse distro; I'm afraid that the vendors will
be afraid to publish security patches because of a possible bad
impression...
> Regarding the "Paranoid Security" you mentioned, it can be reached
> on RH as well with products such as Bastille, that was designed to run
I wish I could use a distro ready with special security patches
(maybe KRUD?). However, Bastille is not relevant:
1. There is no Bastille for 6.2, but only for 6.0/6.1.
2. Bastille doesn't support the openwall patch, but a competing
one. while some people feel more comfortable with that one, most
of the people who want a kernel supporting secure-stacks,
including me, prefer the openwall solution (please no religious
wars...). IIRC, Mandrake uses the openwall solution.
In addition, it is not easy to patch existing kernels with the
secure-linux patches, because usually these kernels (especially RH
and Mandrake) already contain many other patches, and are already
different from the original Linus kernel. It is always better to
get the kernel ready from the vendor, with all the patches already
built-in, and the conflicts already resolved.
Regarding GNOME vs. KDE: I didn't ask which is better; It's a
religious question, and involves personal taste, etc. I only asked
if one of them is more suitable to RH while another one is more
suitable to Mandrake. And I specified this question to 6.2 and 7.1.
Contrary to the past, when everybody knew that RH supports GNOME
better than any other distro, and that Mandrake main advantage is
its KDE support, some people claim that it is different with the
latest versions (6.2 and 7.1); What is your opinion?
In addition, there is a very specific question about the Hebrew
support of Mandrake; Does it work with both - GNOME and KDE?
Tzafrir gave a quite good answer, but if anybody has anything to
add, I'll be happy to read.
> Mandrake position themselves as "more cutting edge" they don't wait for a
> piece of software to be true, tried and tested before including it in a
> distro, therefore it is possible to install a Mandrake that is less stable
> than what you'd like your server to be.
It may look paradoxally, but keeping yourself with the "latest and
greatest" versions, makes your distro safer against crackers, so -
better as a server. Yes, sometimes it may be less stable ("new
version, new bugs"...); But from my experience, all of the security
holes are finally found and fixed, and most of the "successful"
cracks were done when the OS was too old, or when the administrator
forgot to install patches. So if you start with the latest version,
you have more chances to have less vulnerabilities in your OS. In
any case, it doesn't save you from the need to install patches as
soon as they are available, and the delay of Mandrake in providing
the wu-ftpd patch looked very bad.
The shortest but most practical response I received, was from Izar:
> I used ReiserFS off a Mandrake box over
> NFS. It didn't work well, but it worked.
It was also a frightening response. "Imalle...". And I'm confused;
What should I do? If it doesn't support NFS, then it's useless. Not
only for my needs, but for 90% of the people. And what is the
solution, to use ext2 ??? A stupid hardware error (or unexpected
UPS failure) may end up with the loss of all your data (well, a
very small chance of 0.01%. But it is possible...), while the
chance for such a damage with ReiserFS is much lower.
I think I'll adopt Ira's suggestion, and try it. If anybody else
has any RELEVANT experience, please report! ("relevant" means not
any experience with ReiserFS, and even not a more specific
experience with ReiserFS over NFS, but the very specific case of
Mandrake's ReiserFS over NFS).
Thanks all of you again,
--
Eli Marmor
=================================================================
To unsubscribe, send mail to [EMAIL PROTECTED] with
the word "unsubscribe" in the message body, e.g., run the command
echo unsubscribe | mail [EMAIL PROTECTED]
