Today, Bruce McCulley gleaned this insight:
> An OS is a platform, all it should do is provide services to packages.
> The only reason for installing any OS is to run some set of packages.
> Point is that each installation will have its own set, and OpenBSD
> lets you have better control over the set of vulnerabilities that you
> get with your set of packages,

I don't think you're being really fair... I think if you install only the
RedHat packages that correspond to the OpenBSD default install, you will
find that you have nearly the same amount of security, if not
identical. RedHat DOES let you do this, but you have to pick your
packages manually.

> for two reasons: first, there are fewer inherent vulnerabilities in
> the platform; second, you get to choose your poison rather than
> getting everything installed and enabled by default (viz RedHat).

O.k. It pains me to take this side of the argument, precisely because
RedHat DOES have serious issues, BUT...

Can someone please explain to me which install option is RedHat's
"default" install? As far as I can tell, they don't have one. You have
numerous options at install time, which certainly includes the option to
install everything, but which also includes the option to choose EXACTLY
what you want to install.

Isn't that one of the things that Tony was praising about Debian and/or
OpenBSD? Well, RedHat has it. And you don't have to type a 40-character
command line for each package you want to install, just click on
it. Personally I find that much more efficient. And I always explicitly
pick every package that goes on a server machine (we're working on a
kickstart config to make this much faster and easier)...

Also, as others have pointed out, comparing Redhat to OpenBSD is apples to
oranges... RedHat comes with a lot more software, and has a different
philosophy. Their distribution is geared more towards enterprise support,
so the focus of their various install options is on giving you most of
what you need for a particular purpose, without a lot of fuss. This
speeds up the install process, which is a welcome feature for most admins.
It is assumed that in the enterprise, you will have people that know how
to configure these things, and who at least have a clue about security.
RedHat is going after the enterprise market, quite simply, because they're
the most likely REAL revenue source. A fast install and ease of
administration is more valuable to a great many administrators, like
myself, than having to spend an hour or two extra to make sure the machine
is secure. This is part of the site customization every Unix system
must go through anyway... Even with the BSD's you need to do this, so all
this fuss about the default install being secure is extremely
misleading... it doesn't take into account what the machine is going to
have on it when it goes into production.

I'd guess that the default install hasn't been compromised because it
can't be used for any real work... you've got to install packages and
configure them for your site before the server can do anything, and
therein lies the problem. Any administrator, from the neophyte to the
seasoned veteran, can screw up at this stage, and that's when you have a
problem. There's also nothing stopping an administrator from installing
packages they're going to use LATER, but not configure them properly at
the outset, which could cause some serious problems.

Look, I'm not saying that OpenBSD is a bad product, or that it doesn't
have any strengths that RedHat doesn't have... I've never said anything
of the sort. All I'm saying is there are a lot of valid reasons for RedHat
doing what it does, and that from a practical standpoint, some of the
arguments presented in this thread in support of OpenBSD just don't hold
water. And yes, RedHat does release buggy software, but they're also
usually pretty good about fixing it. All in all, it makes a pretty good
distro for use in a corporate setting, and in a home setting, despite some
of its flaws.

Would I like to see a "base install" option? Yeah, I would. I really
liked Slackware's model of "here's everything you NEED... now go add what
you want." But does not having that make RedHat a worthless piece of
trash, as some people seem to be suggesting? No, it doesn't. It has
other advantages, and a few really redeeming qualities. That is the crux
of what I was trying to get across... Neither is absolutely better than
the other. It depends entirely on what you want!

I'm not going to say anything more on this topic, cuz anything else would
just be redundant. And repetitive too.
--
You know that everytime I try to go where I really want to be,
It's already where I am, cuz I'm already there...
---------------------------------------------------------------
Derek D. Martin | Unix/Linux Geek
[EMAIL PROTECTED] | [EMAIL PROTECTED]
---------------------------------------------------------------