Ping Phoenix

Discussion in 'Computer Security' started by ffreeloader, Mar 3, 2006.

  1. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Hey Phoenix,

    I told you I would be picking your brain once in a while. :biggrin

    Does Gentoo make sure that any security patches they release for their "stable" distribution won't break anything? I know that's how Debian does things but am unsure how Gentoo handles security patching.

    I've done some Googling on the subject and can't seem to find anything definitive on the subject so you're my first resource after Google.

    P.S. I left a PM for you too, but you don't seem to find them.... :twisted:
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,749
    200
    246
    I am rubbish at replying to PMs these days, I'm very disappointed in myself.

    Anything untested Gentoo masks, i.e., test at your own risk.

    But stuff in the standard update cycle Gentoo has tested, although not with every combination of circumstances. Most of Gentoo's security patches are included in their minor build releases, so an emerge -uD world will keep you up to date in most instances. Also keep your config as secure as and you should be fine.

    Remember, anything you have to hack about with to install is not likely to be on that 'tested' list.
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  3. ffreeloader

    ffreeloader Terabyte Poster

    Since you posted this, and I did a bunch more research, I found a thread in the Gentoo forums on security patches. There are more than a few and less than many guys who say that using -uD switches with emerge world has almost completely wiped out all their configuration files. Are you sure this type of updating is safe?

    From that same thread I see where Gentoo is designed more to be "bleeding edge" than "stable and secure". That doesn't strike me as Gentoo being a good base for development or production servers, especially something such as a production web application server, as there would be too much constant change going on that would tend to break apps.

    What's your assessment of that idea?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  4. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    It's a fair assessment.
    It is in no way designed to be as secure as something like OpenBSD,
    but it is still secure, and you don't have to keep it bleeding edge.
    A lot of the folks I know end up using things like Deb and Fedora for servers like that; they are not as fiddly as Gentoo is for long term server deployment.

    The -uD thing seems like a **** up on someone's part. After any emerge that brings new config files you are given the option to keep the current one, merge the two, use the new one (generally a fresh example config) etc. When you have updated 500 packages it's easy to understand someone going 'uhhh let's just click 5 and auto use all the new ones'. I've done it myself a few times and not realised it's blanked my SAMBA config. That was my lesson learned though; now I go through them and any config I recognise as 'played with' I take careful consideration of the changes :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
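
    An added example, not part of the thread and not Gentoo's own tooling: Portage's config protection leaves each replacement config beside the live file as `._cfgNNNN_<name>`, and this sketch lists those pending files and flags the ones that differ from the live config, so they can be diffed before any bulk "use all the new ones" choice. The function names are hypothetical.

```shell
#!/bin/sh
# Added example: list pending Portage config updates (._cfgNNNN_<name>)
# under a directory and classify each, so nothing is replaced unreviewed.
# Function names are hypothetical. Usage: pending_cfg_updates [DIR]
pending_cfg_updates() {
    root=${1:-/etc}
    find "$root" -type f -name '._cfg[0-9][0-9][0-9][0-9]_*' | sort |
    while IFS= read -r pending; do
        dir=$(dirname "$pending")
        base=$(basename "$pending")
        live="$dir/${base#._cfg????_}"   # strip the ._cfgNNNN_ prefix
        if [ ! -e "$live" ]; then
            status=NEW                   # no live file: nothing to lose
        elif cmp -s "$pending" "$live"; then
            status=SAME                  # identical: safe to discard
        else
            status=REVIEW                # live file differs: diff it first
        fi
        printf '%s %s\n' "$status" "$live"
    done
}

# Show what accepting one pending file would change in the live config.
# Exit status follows diff: 0 = no change, 1 = differences found.
show_cfg_diff() {
    pending=$1
    base=$(basename "$pending")
    diff -u "$(dirname "$pending")/${base#._cfg????_}" "$pending"
}
```

    Every `REVIEW` line is a config that a blanket "use new" would replace; run `show_cfg_diff` on its `._cfg` file first.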
  5. ffreeloader

    ffreeloader Terabyte Poster

    Thanks Phoenix.

    I really do think Debian is a far better choice for long term server deployment because of their security update strategy and because Debian releases a "Stable" distribution that really does stay stable, package wise, for an extended period of time. It makes it much easier to administer, because once it's set up it's going to stay that way for at least a year, and security patching is as easy as "apt-get update" and "apt-get upgrade" with only very rarely having to worry about ever breaking something.

    After seeing Gentoo in a production environment I'm really starting to understand why Debian is the fastest growing distro in terms of server market share. It really is well-suited to the task.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
