[SGVLUG] Ubuntu .VS. FC5 as servers

Sean O'Donnell sean at seanodonnell.com
Fri Aug 11 18:50:14 PDT 2006


-----BEGIN PGP SIGNED MESSAGE-----
Hash: SHA1

Am I the only one who thinks package management tools are more of a
restriction than a convenience?

Am I the only one who would rather compile Server Applications (ssh,
http, etc) from the source rather than a pre-configured package?

I guess I'm one who likes to learn and do things the 'hard' way?!

*heh... I'm not trying to be cynical, just asking* =p

I (personally) don't care for most 'mainstream' distros because they are
all based upon (imo, shoddy) package management systems, which (imo) is
a security risk in itself.

How are package management systems a security risk, you ask?

What lessons have we learned from Windows, I ask?

If 10,000 production-level (insert your fav distro) systems get
'installed' or 'patched' by the same package, that means you have 10,000
production-level systems with the same exact configuration, thus making
(possible) exploitation on a wide-scale, that much easier.

This is a (hard) lesson learned from using and observing attacks on
Windows, and another reason why I shun package management systems and
most 'mainstream/commercial' Linux distributions in general.

However, back to the original-point of this topic... if I had to choose
between FC5 and Ubuntu, I would probably (err, definitely) cry for a few
hours, but end up choosing Ubuntu.

I agree with most previous replies for reasons they choose Ubuntu as well.

- --

Sean O'Donnell
South Pasadena, CA
sean at seanodonnell.com
http://seanodonnell.com

PGP Public Key ID: 0xAC769035
PGP Public Key Server: http://pgp.mit.edu

-----BEGIN PGP SIGNATURE-----
Version: GnuPG v1.4.3 (GNU/Linux)

iD8DBQFE3TPWCUrh+ax2kDURAqVIAKCt9qzl7tsXHrtgnjkMx0ModRVnxACg0BfW
65yXBGFnch9Uj6UD4nTaLAg=
=DJpI
-----END PGP SIGNATURE-----


More information about the SGVLUG mailing list