On Thu, 10 Apr 2003, Thomas D. Ward wrote: > Your comment about Red Hat releasing unstable software is misleading. I > believe they do release stable versions, but they discover security, and > other issues throughout the course of the stable version cycle. Every distro > discovers this or that after the release. Well, here is an example of what I am talking about. I just downloaded the Grub RPM and used rpm2tgz to convert and extract it before I made this statement so I could be sure of its accuracy. Redhat suggests that you use Grub as your boot loader. The release notes for the last few versions state that they plan to drop Lilo eventually. Well, my beef with this is that GNU Grub isn't ready for anything but testing. To quote the official home page: "for now, GNU GRUB is not released publicly yet, but you can still get the test releases from alpha.gnu.org:/gnu/grub, and the latest version from CVS." I don't feel comfortable using a boot loader that is considered by its developers to be in Alpha stage. Yes, Grub has distinct advantages over Lilo, but for me, it's not worth the potential risk. Slackware has backed down a version of Lilo because the newest one caused trouble with RAID drives. They provide the newer version in the Extra directory so that people who want features from it can try it out. Another example is the ntp package. Ntp stands for network time protocol and it lets one set the computer's clock over the network. The program will check the time from the network periodically and will speed up or slow down the system clock to keep it as accurate as possible. Slackware ships with the unmodified stable release of NTP. Redhat doesn't exactly ship with a beta, but they have modified their version so that it can run as user NTP instead of root. This has some security benefits, I suppose, but it uses a command-line option that doesn't exist in the normal version. What if the user decides to upgrade to a new version later, or fall back to an earlier version because of a bug? They will have to modify their startup scripts to not use this non-standard extension. If I were Redhat, I'd be trying to get the extension patched into the official distribution if it's a good enough idea. > Take sendmail for example. It is not a product of Red Hat, but it has a > stream of security adviseries about security issues. Well, do you think the > security issues in sendmail effects only Red Hat or do you think it would > effect all distros including the Grand and invincible slackware? Yes, and in the case where a major hole is discovered in Sendmail, Slackware will provide a patch on their FTP site. The versions of Redhat I used didn't appear to have an alternative to Sendmail, but it's possible I missed it given that it is very hard to control what packages get installed on a Redhat system. Unless you go through the steps in exactly the right order to select packages individually, or do a full install of every single package, you will wind up missing a lot of good packages like Lynx and Pine. Don't get me wrong, Slackware isn't perfect. I actually learned some things from Redhat. For example, I learned how to configure Sendmail to not permit any connections from any computer other than the local host by looking at how Redhat sets up Sendmail by default. I also think Redhats ability to set what services start and stop at boot time is a great idea. I didn't care for its hardware detection because it didn't pick up everything and causes annoying delays at boot time. I also detest how a simple thing like configuring the system to run hdparm with certain parameters has to be done in its own script. I guess what this whole thing boils down to is personal preference, and we are all getting worked up over it. That includes me. It's just that when I hear something about how a potentially useful commercial product is created in such a way as to only work with a particularly popular version of Linux, it puts my hair on end. Especially since the web site doesn't explicitly state that it requires Redhat. It just says Linux. I've gone ahead and downloaded the demo of OCR Shop and will see what exactly I can get it to do. Anybody know if there is a demo of OCRXTRA? I couldn't find one, and since it costs more, I'd certainly like to try it before investing in it.
