1. This site uses cookies. By continuing to use this site, you are agreeing to our use of cookies. Learn More.

Ping Phoenix

Discussion in 'Computer Security' started by ffreeloader, Mar 3, 2006.

  1. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Hey Phoenix,

    I told you I would be picking your brain once in a while. :biggrin

    Does Gentoo make sure that any security patches they release for their "stable" distribution won't break anything? I know that's how Debian does things but am unsure how Gentoo handles security patching.

    I've done some Googling on the subject and can't seem to find anything definitive on the subject so you're my first resource after Google.

    P.S. I left a PM for you too, but you don't seem to find them.... :twisted:
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  2. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    I am rubbish at replying to PMs these days, im very disapointed in myself

    anything un tested gentoo masks, IE, test at your own risk

    but stuff in the standard update cycle gentoo has tested, although not with every combination of circumstances, most of gentoo security patches are included in thier minor build releases, so an emerge -uD world will keep you upto date in most instances, also keep your config as secure as and you should be fine


    remmeber, anything you have to hack about with to install is not likely to be on that 'tested' list
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  3. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Since you posted this, and I did a bunch more research, I found a thread in the Gentoo forums on security patches. There are more than a few and less than many guys who say that using -uD switches with emerge world has almost completely wiped out all their configuration files. Are you sure this type of updating is safe?

    From that same thread I see where Gentoo is designed more to be "bleeding edge" than "stable and secure". That doesn't strike me as Gentoo being a good base for development or production servers, especially something such as a production web application server, as there would be too much constant change going on that would tend to break apps.

    What's your assessment of that idea?
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1
  4. Phoenix
    Honorary Member

    Phoenix 53656e696f7220 4d6f64

    5,726
    175
    221
    It's a fair assessment
    it is in no way designed to be as secure as something like OpenBSD
    but it is still secure, and you dont have to keep it bleeding edge
    alot of the folks i know end up using things like Deb and fedora for servers like that, they are not as fiddily as gentoo is for long term server deployment

    the -uD thing seems like a **** up on someones part, after any emerge that brings new config files you are given the option to keep the current one, merge the two, use the new one (Generally a fresh example config) etc, when you have updated 500 packages its easy to understand someone going 'uhhh lets just click 5 and auto use all the new ones) ive done it myself a few times and not realised its blanked my SAMBA config, that was my lesson learned though, now I go through them and any config I recognise as 'played with' i take careful concideration of the changes :)
     
    Certifications: MCSE, MCITP, VCP
    WIP: > 0
  5. ffreeloader

    ffreeloader Terabyte Poster

    3,661
    106
    167
    Thanks Phoenix.

    I really do think Debian is a far better choice for long term server deployment because of their security update strategy and because Debian releases a "Stable" distribution that really does stay stable, package wise, for an extended period of time. It makes it much easier to administer, because once it's set up it's going to stay that way for at least a year, and security patching is as easy as "apt-get update" and "apt-get upgrade" with only very rarely having to worry about ever breaking something.

    After seeing Gentoo in a production environment I'm really starting to understand why Debian is the fastest growing distro in terms of server market share. It really is well-suited to the task.
     
    Certifications: MCSE, MCDBA, CCNA, A+
    WIP: LPIC 1

Share This Page

Loading...