Re: Arch Linux on servers?

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]



Hi,

Am 10.07.2013 13:59, schrieb Sébastien Luttringer:
> 7) Security
> Debian is not more secure because their softwares are old. It's a lie.
> Check the number of open flaw in the security bug tracker[10].
> If you want to be in a secure environment stay up-to-date, don't use
> debian stable, use debian sid. So Archlinux is a good alternative.

Nevertheless they have a policy as well as a team dedicated to these
issues in place. Coming along with this is a well accredited mailing
list informing you about current issues. Other "server distros" such as
RHEL (and/or centos) have something very similar.

As already pointed out Arch might not push all minor security releases
into the official repositories. Especially in case of a new major kernel
release, minor versions didn't always make it into the repositories in
the past. I can totally live with this on my PC, but on a server I
expect a little bit more on this front.

I don't think that you can seriously consider something to be a "server
distro" without a dedicated security policy and/or team, which will
follow the known databases and/or mailing lists making absolutely sure
that any security patches make it into the appropriate packages.

One reason we all love Arch is because it doesn't heavily patch any
packages. Therefore I'm not sure whether it is suited as a "server
distro" at all.

That said I'm using it myself on a couple of servers. However they are
not publicly accessible, but are only serving their local networks. As
pointed out the experience is a little bit different compared to
"conservative" distributions like Debian, but not necessarily worse.
There were updates in the past that broke a few things here and there,
but generally speaking updates work just fine. And when upgrading
packages to new versions, you will always run into problems. With Arch
you can tackle them one by one, whereas with Debian and its derivatives
you have to tackle them all at once with the next "dist-upgrade".

Best regards,
Karol Babioch

Attachment: signature.asc
Description: OpenPGP digital signature


[Index of Archives]     [Linux Wireless]     [Linux Kernel]     [ATH6KL]     [Linux Bluetooth]     [Linux Netdev]     [Kernel Newbies]     [Share Photos]     [IDE]     [Security]     [Git]     [Netfilter]     [Bugtraq]     [Yosemite News]     [MIPS Linux]     [ARM Linux]     [Linux Security]     [Linux RAID]     [Linux ATA RAID]     [Samba]     [Device Mapper]
  Powered by Linux