[huskerlug] The Debain Leap
- From: Steve <steve@xxxxxxxxxxxxx>
- To: huskerlug@xxxxxxxxxxxxx
- Date: Thu, 13 Mar 2003 19:36:20 -0600
I started looking into Debian this week as a replacement for some
OpenBSD
bridging firewalls. Nothing against OpenBSD, but I want something that
doesn't have a support "life cycle" of only 1 year. And, since the patch at
bridge.sourceforge.net has been out and in use for awhile now, I thought I'd
give Linux a try for the bridging firewall.
I have experimented with Debian a little bit in the pre-woody days (3
or so
months before it came out). I did like apt and dpkg, but was disappointed
that it didn't support package signing, or some form of package verification
(other than a simple md5 checksum). Now I see support is there for signing
packages in woody, but it isn't being used yet. I hope this changes in the
near future, because I think it's quite important for verifying package
integrity & authenticity.
However, after using apt-get, dpkg, and apt-cache, I can't help but
come away
with a feeling of how superior it is to rpm + RHN. Right now, the only
benefits that RHN has over apt + dpkg (that I can see) is package signature
verification and a management interface that allows you to manage a large
number of machines. However, I almost always update machines by hand,
because I lock them down in a way that scheduled updates from RHN would fail
without manual intervention. So, this feature doesn't really appeal to me
that much. RHN also uses SSL, but if package sigs were used, this could just
as easily be used to make sure that the package wasn't tampered with in
transit. I think the benefits of dpkg + apt over rpm + RHN are probably too
numerous to mention.
I'll mention a few of the things I found that I like about dpkg + apt:
I like that you can remove all of a package except it's configuration
files
in case you decide to re-install it. Although I probably wouldn't use this
feature very often myself, I can see situations where it might be useful.
I also like that you can have a package marked for removal so that as
soon as
another package is installed that can fill it's "function", you can have
these "pending" packages automatically removed. For example, I tried to
remove exim before installing qmail, and it wouldn't let me since exim
provides the "mta" (or whatever it is) function.
I also like being able to search a list of available packages with
apt-cache.
Although RH has a database of RPMs you can install, it seems to remain fairly
static. And, as I understand it, you could also add repositories of Debian
packages to your apt sources that aren't officially part of Debian and have
those packages be included in your search once you do an "apt-cache update"
(this would be true for other apt-* functions too).
apt-get upgrade (need I say more?). Although RHN does have an up2date
option
that performs the same function, it won't upgrade a system from one release
to the next. Although I don't think it's officially supported using "apt-get
upgrade", I've read about several people doing it successfully in the past.
The package configuration features provided by dpkg are pretty nice
too. For
example, after installing OpenSSH, it asked me several questions about
configuration and even talked about the new privilege separation feature.
Outside of dpkg+apt, my experience has been pretty good. Debian is
definitely different, but that doesn't make it bad. I just need to get used
to it's layout/setup. Probably the one gripe that I have is that
"start-stop-daemon" is just too damn long to type! :-) (No flames please,
that was just a poor attempt at humor).
I understand the concept of stable/testing/unstable, and that if you
want the
latest and greatest version of a package you usually have to go beyond
stable. The only thing that bothers me about this is that when I tried
Debian previously, it seems that you run the risk of not having very timely
security updates with testing/unstable packages. I know that only "stable"
is officially supported according to the FAQ, so the typical response would
probably be along the lines of "stick with stable". However, I can see where
packages from testing/unstable could be required to fulfill a need. At least
there is always the option to patch the package by hand since its open
source.
Overall, I think Debian would make a top notch choice for a server.
For a
desktop where I want the latest KDE and multi-media programs, I think I'll
stick with Gentoo.
--
Steve Bremer
RHCE,CCNA
--
Real Men don't make backups. They upload it via ftp and let the world
mirror it. -- Linus Torvalds
--
GnuPG Key fingerprint = 7F06 4D73 7963 BE96 5189 953A E285 CB2C BA03 2746
Available on key servers.
----
Husker Linux Users Group mailing list
To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx
with a subject of UNSUBSCRIBE
Other related posts:
