[WBEL-users] Wondering about RedHat

Craig White craigwhite@azapple.com
Wed, 29 Sep 2004 09:38:27 -0700


On Wed, 2004-09-29 at 08:19, John Hinton wrote:
> I have been running RedHat (non-graphical apache/mail/bind/mysql server 
> setups) since version 5.1 or so. I've done up2date for years and only 
> ever had one issue where suddenly mysql could not be run from an 
> offserver client. All in all, pretty minor considering the number of 
> updates over the years. My whole reason for staying with RedHat was this 
> track record. Yes, I could be more of a tech head and 'research' every 
> package before installing, but gee, I just don't seem to have the time 
> to do that.
> 
> That was then... this is now....
> 
> So, we do the updates and suddenly bind is totally broken, I'm getting 
> those makewhatis errors via cron and email... It seems that the quality 
> control has badly degraded. How on earth can you send something out that 
> breaks bind?
> 
> So, I'm left wondering if their 'new' business model is creating some 
> 'holes'. Perhaps Fedora Core is not in fact really feeding a good 
> product over to the EL section? This is just all interesting to wonder 
> about. What has changed and why are they suddenly now putting out so 
> many bad packages?
> 
> I'm really disturbed at this trend. I used to feel pretty darned secure 
> about running up2date at any time... now???? Here I am on what is 
> supposed to be the flagship product, and I now feel as though I need a 
> 'test' server, upon which I can attempt to precisely mirror the packages 
> installed on my more loaded machines, in order to see what's broken this 
> time.
> 
> Sorry to be venting here, but gee, what's going to be broken next time? 
> The kernel? PAM? Something that will take my server down and leave me 
> with no method to even get into it? I'm concerned.
> 
> I would like everyone to know that I am totally directing this at RedHat 
> and not Whitebox, as Whitebox does appear to be following exactly as 
> they should, right down to the same broken packages.
> 
> I'm left wondering though, if perhaps on these quarterly updates, if 
> maybe we should create a 'beta' area, for us to test on, before throwing 
> us into the den of lions, where 'stuff dies'? Maybe consider putting the 
> security updates where they should be and the quarterly updates 
> elsewhere, to protect us from the RedHat blunders. Or maybe even have a 
> repository directory for only the security updates where we could set 
> up2date to look only there and then do mass updating at other times. 
> Maybe this could be done on only one repository or something... I 
> know.... this is a pipe dream, but gee, for now I'd personally like to 
> skip all this broken stuff and feel secure about updates again. Give 
> RedHat time to put out the patched rpms for the broken stuff before 
> updating. This could potentially make Whitebox more conservative, which 
> it already is due to the slight time delay on updates, but even better 
> than its parent.
> 
> I'm just happy for this list, where the fixes are generally posted, so 
> if one does run a bit behind on mission critical servers, the fixes are 
> generally posted before I get around to doing my updates.
> 
> Just food for thought....
> 
> Thanks for Whitebox,
> John Hinton <who is now very happy he's not on a 'beta' EL subscription 
> and is looking at these SUSE DVDs laying here>
-----
I guess I don't understand your point. I use RHEL at some clients and
WBEL at home.

I have absolutely no problem with RHEL 3 with bind/makewhatis or
whatever you seem to be going on about.

I am running bind on my WBEL at home.

None of them are chrooted but you can choose to run them chrooted and it
seems a new install would run them chrooted which obviously is thought
to be a security feature. It isn't much work to change bind to work
either way (see /etc/sysconfig/named).

Craig