
Re: support for RedHat distributions

Firstly, Martin, I just want to say thanks for the effort you have put
in with respect to linux security at SFU.  Linux has been a valuable
addition to our networking infrastructure here in Psychology and the
linux-security group has been an asset in managing that resource.  Your 
spear-heading efforts in developing the linux-security group and 
providing Linux security notices and updated RPMs are appreciated.  I 
sincerely hope that we can continue to pool information, share knowledge 
and experiences and otherwise simply benefit from the collective 
consciousness regardless of which direction we head.

Now, down to the business at hand...

Before looking at the alternatives you presented, let me present my
current situation.  I have three Red Hat Linux servers deployed; one web 
and database server, one software development system, and one box acting 
as a firewall/gateway to a subnetted lab.  All are running 7.2 and all 
are updated with subscriptions to RHN.  My needs for Linux support are:

    - Risk Management tools - including centrally available security
      and errata updates.
    - Distributions that are supported for at least two years
      (longer = better).
    - A simple method of adding, updating and removing packages -
      read: RPMs or similar - tarballs don't cut it.
    - Reasonable cost - $349 USD/machine/year is not reasonable when
      it is the Linux community developing the updates and Red Hat
      merely providing a delivery service.  The current cost,
      $60 USD/machine/year is reasonable.

Alternative 1: Fedora Linux - Red Hat has made it clear that Fedora is
not geared towards the production environment.  I'm not going to test 
that claim.  Following Fedora would be a very expensive solution in 
terms of time spent testing distributions and application software and 
maintaining production systems.  Further, deploying bleeding-edge 
software raises security risks to an unwarranted level.

Alternative 2: SuSE - I will probably test-drive SuSE.  What concerns me 
about SuSE however is that the benefit over a Red Hat product only 
pertains to the 9.0 Professional package; their enterprise server line 
is more expensive than Red Hat's to purchase and yearly maintenance is 
almost as expensive as Red Hat.  It is unclear to me at this time 
whether or not SuSE's "free" maintenance program on 9.0 Professional 
would cover the necessary server components that I need to run (e.g. 
Postgres) or if it would only cover the packages that are part of the 
Professional release.

Alternative 3: Debian - Could probably make this work, but would prefer 
an RPM-based solution.  Third-party support is, as you mentioned, also 
an issue.

What I "wish" is that Red Hat would provide its existing update service 
at a reasonable price!  I e-mailed Red Hat two weeks ago, asking if they 
were considering Educational pricing on RHN for the Enterprise Server. 
They have yet to respond.

My decision on which direction I will take will likely be influenced by 
what we (SFU's linux users) might be able to do collectively.  I look 
forward to hearing where others are with this issue.

Martin Siegert wrote:

> Dear Linux-security subscribers:
> ... there will be none (see subject).


Richard Blackwell                       Ph : 604.291.4092
Manager, Information Technology         Fax: 604.291.3427
Department of Psychology                RCB 5320
Simon Fraser University