Re: [Lilux-info] Re: [gnu.org #213194] RedHat conditions of use

Patrick Useldinger wrote: You are right on this one. In fact we use Slackware on our firewall machine (in fact 2 mirrored machines with 8 ethernet ports on each machine), where I changed many things (recompiled a nonmodular kernel, deleted files, removed SETUID flags on files, etc.) for security reasons. So it is almost a new distro ;-) For a firewall you only need very few things (kernel, sshd and so on), so you can compile and patch everything yourself. It would not be critical if Slackware would cease to exist overnight. I simply told that I would not use Redhat on a firewall for security reasons. It is much simpler to use Slackware as a base for your own minimalistic system than Redhat. It is even not possible to remove perl without breaking dependencies on a Redhat system. And since the system is heavily modified, the classic pro-Redhat arguments (support, strategic choice of one distro, etc) do not count anymore. But on our HP DL380 systems, it really makes sense to use Redhat Enterprise Linux. HP provides daemons, tools and a modified Redhat kernel to support the RAID controller (if you do not want to reboot into the BIOS everytime you want to change something on your RAID setup), fans (syslog entry for a failing fan), UPS and so on. I know that SuSE is an option for Oracle (but HP does not support special features on the DL380 for SuSE yet). But be aware that Oracle only supports Enterprise SuSE (not the consumer SuSE). And SLES is expensive too: 404,84 Euro for 1 server/year limited to 2 CPUs: http://www.suse.de/de/business/products/server/sles/pricing.html Anyway, even on Redhat systems, I am beginning to use only the basic system (kernel, libraries, etc) and recompile everything myself from source (./configure; make; make install). Reasons for this: 1. With the introduction of RHEL, Redhat dropped many packages. MySQL has been dropped for PostgeSQL, some PHP modules have been dropped, RHEL only includes Apache 2 and not Apache 1.3 and so on. The reason for this is that Redhat wants to minimalize the number of packages to support. RHEL is supported for 5 years, much more than consumer Redhat and especially Fedora. 2. You are not dependend on RHN anymore. It is important that you compile everything which needs special configuration (Apache, Webserver, Postfix, etc) from the start. If you begin with Redhat packages and if you need to patch because of security issues but are unable to do so (because you cannot use RHN) and are forced to use the source from the project's home page the migration may not be easy. Reasons for this are that files may be on other places and that you may have config files where some options are commented out. So you are automatically using default values for outcommented options which are different depending if you are using Redhat's packages or the source from the project's home page. 3. You may use the workstation version (Enterprise WS) on your server, which is *much* cheaper. The only difference between ES and WS: WS misses some network daemons (no problem if you compile network daemons yourself). There are no differences between WS and ES (apart from the missing daemons), no different kernel parameters, nothing! Redhat even recommends WS for clusters (because of the price): http://www.redhat.com/software/rhel/comparison/ 4. It is very easy to change the distro if you do not rely on the included Apache, FTP server and so on and if you have your daemons installed in /usr/local. But I would not push this too far: I would not compile a new sshd (if the one in the distro just works), but just compile the daemons critical to the users. Greetings, Patrick Kaell