Robert Bridge wrote:
That's what the "static package" people are referring to. A server that
can be set up, and once running should need minimal updating, for
security reasons.
What security reasons are you talking about? Hardened Gentoo is the most
secure Linux distribution available.
You can't do that safely in Gentoo.
You can't do exactly that. But that's not the only way. With Gentoo, you
can do other things to make your servers reliable and secure.
Some people are happy with regularly changing packages, restarting
services every month because a new version of the server is in tree,
dealing with the breakage induced by things like python upgrades, bash
upgrades, portage upgrades, gcc upgrades, ...
Some people do their job. And those people have no in-production problems
*at all* regarding changes in the tree.
But for a 24/7 uptime on a high load server, most people consider those
For a 24/7 uptime on a high load server, some people consider
reliability through redundancy, stress and regress pre-production
testing, dedicated and secure chroot environments for every single
service with minimal amount of packages and enabled USE flags, and so on...
to be unacceptable. Now Gentoo can be got to not do those, but as
anyone will tell you, updating a Gentoo box after a year is painful,
Don't do a full update at once after a year.
and when you have to update to cover a critical security hole? Now try updating
a Debian box after a year?
Debian and security... Hmmm...
Don't mistake one awkward piece of software which is not supported in
the other distros for the general properties of those distros. Gentoo
is good for tweaking, it's good for doing "Your own thing", that does
Gentoo is good for people who care to invest their time and effort
instead of whining.
not make it automagically better than Debian or RHEL, or SLES in the
high-stability stakes.
Gentoo is absolutely better for me.