I started looking into Debian this week as a replacement for some OpenBSD bridging firewalls. Nothing against OpenBSD, but I want something that doesn't have a support "life cycle" of only 1 year. And, since the patch at bridge.sourceforge.net has been out and in use for awhile now, I thought I'd give Linux a try for the bridging firewall. I have experimented with Debian a little bit in the pre-woody days (3 or so months before it came out). I did like apt and dpkg, but was disappointed that it didn't support package signing, or some form of package verification (other than a simple md5 checksum). Now I see support is there for signing packages in woody, but it isn't being used yet. I hope this changes in the near future, because I think it's quite important for verifying package integrity & authenticity. However, after using apt-get, dpkg, and apt-cache, I can't help but come away with a feeling of how superior it is to rpm + RHN. Right now, the only benefits that RHN has over apt + dpkg (that I can see) is package signature verification and a management interface that allows you to manage a large number of machines. However, I almost always update machines by hand, because I lock them down in a way that scheduled updates from RHN would fail without manual intervention. So, this feature doesn't really appeal to me that much. RHN also uses SSL, but if package sigs were used, this could just as easily be used to make sure that the package wasn't tampered with in transit. I think the benefits of dpkg + apt over rpm + RHN are probably too numerous to mention. I'll mention a few of the things I found that I like about dpkg + apt: I like that you can remove all of a package except it's configuration files in case you decide to re-install it. Although I probably wouldn't use this feature very often myself, I can see situations where it might be useful. I also like that you can have a package marked for removal so that as soon as another package is installed that can fill it's "function", you can have these "pending" packages automatically removed. For example, I tried to remove exim before installing qmail, and it wouldn't let me since exim provides the "mta" (or whatever it is) function. I also like being able to search a list of available packages with apt-cache. Although RH has a database of RPMs you can install, it seems to remain fairly static. And, as I understand it, you could also add repositories of Debian packages to your apt sources that aren't officially part of Debian and have those packages be included in your search once you do an "apt-cache update" (this would be true for other apt-* functions too). apt-get upgrade (need I say more?). Although RHN does have an up2date option that performs the same function, it won't upgrade a system from one release to the next. Although I don't think it's officially supported using "apt-get upgrade", I've read about several people doing it successfully in the past. The package configuration features provided by dpkg are pretty nice too. For example, after installing OpenSSH, it asked me several questions about configuration and even talked about the new privilege separation feature. Outside of dpkg+apt, my experience has been pretty good. Debian is definitely different, but that doesn't make it bad. I just need to get used to it's layout/setup. Probably the one gripe that I have is that "start-stop-daemon" is just too damn long to type! :-) (No flames please, that was just a poor attempt at humor). I understand the concept of stable/testing/unstable, and that if you want the latest and greatest version of a package you usually have to go beyond stable. The only thing that bothers me about this is that when I tried Debian previously, it seems that you run the risk of not having very timely security updates with testing/unstable packages. I know that only "stable" is officially supported according to the FAQ, so the typical response would probably be along the lines of "stick with stable". However, I can see where packages from testing/unstable could be required to fulfill a need. At least there is always the option to patch the package by hand since its open source. Overall, I think Debian would make a top notch choice for a server. For a desktop where I want the latest KDE and multi-media programs, I think I'll stick with Gentoo. -- Steve Bremer RHCE,CCNA -- Real Men don't make backups. They upload it via ftp and let the world mirror it. -- Linus Torvalds -- GnuPG Key fingerprint = 7F06 4D73 7963 BE96 5189 953A E285 CB2C BA03 2746 Available on key servers. ---- Husker Linux Users Group mailing list To unsubscribe, send a message to huskerlug-request@xxxxxxxxxxxxx with a subject of UNSUBSCRIBE