[WBEL-users] Wondering about RedHat
Craig White
craigwhite@azapple.com
Wed, 29 Sep 2004 09:38:27 -0700
On Wed, 2004-09-29 at 08:19, John Hinton wrote:
> I have been running RedHat (non-graphical apache/mail/bind/mysql server
> setups) since version 5.1 or so. I've done up2date for years and only
> ever had one issue where suddenly mysql could not be run from an
> offserver client. All in all, pretty minor considering the number of
> updates over the years. My whole reason for staying with RedHat was this
> track record. Yes, I could be more of a tech head and 'research' every
> package before installing, but gee, I just don't seem to have the time
> to do that.
>
> That was then... this is now....
>
> So, we do the updates and suddenly bind is totally broken, I'm getting
> those makewhatis errors via cron and email... It seems that the quality
> control has badly degraded. How on earth can you send something out that
> breaks bind?
>
> So, I'm left wondering if their 'new' business model is creating some
> 'holes'. Perhaps Fedora Core is not in fact really feeding a good
> product over to the EL section? This is just all interesting to wonder
> about. What has changed and why are they suddenly now putting out so
> many bad packages?
>
> I'm really disturbed at this trend. I used to feel pretty darned secure
> about running up2date at any time... now???? Here I am on what is
> supposed to be the flagship product, and I now feel as though I need a
> 'test' server, upon which I can attempt to precisely mirror the packages
> installed on my more loaded machines, in order to see what's broken this
> time.
>
> Sorry to be venting here, but gee, what's going to be broken next time?
> The kernel? PAM? Something that will take my server down and leave me
> with no method to even get into it? I'm concerned.
>
> I would like everyone to know that I am totally directing this at RedHat
> and not Whitebox, as Whitebox does appear to be following exactly as
> they should, right down to the same broken packages.
>
> I'm left wondering though, if perhaps on these quarterly updates, if
> maybe we should create a 'beta' area, for us to test on, before throwing
> us into the den of lions, where 'stuff dies'? Maybe consider putting the
> security updates where they should be and the quarterly updates
> elsewhere, to protect us from the RedHat blunders. Or maybe even have a
> repository directory for only the security updates where we could set
> up2date to look only there and then do mass updating at other times.
> Maybe this could be done on only one repository or something... I
> know.... this is a pipe dream, but gee, for now I'd personally like to
> skip all this broken stuff and feel secure about updates again. Give
> RedHat time to put out the patched rpms for the broken stuff before
> updating. This could potentially make Whitebox more conservative, which
> it already is due to the slight time delay on updates, but even better
> than its parent.
>
> I'm just happy for this list, where the fixes are generally posted, so
> if one does run a bit behind on mission critical servers, the fixes are
> generally posted before I get around to doing my updates.
>
> Just food for thought....
>
> Thanks for Whitebox,
> John Hinton <who is now very happy he's not on a 'beta' EL subscription
> and is looking at these SUSE DVDs lying here>
-----
I guess I don't understand your point. I use RHEL at some clients and
WBEL at home.
I have absolutely no problem with RHEL 3 with bind/makewhatis or
whatever you seem to be going on about.
I am running bind on my WBEL at home.
None of them are chrooted but you can choose to run them chrooted and it
seems a new install would run them chrooted which obviously is thought
to be a security feature. It isn't much work to change bind to work
either way (see /etc/sysconfig/named).
Craig