Domingos Parra Novo wrote:
Hiyas,
Brad Taylor wrote:
I'm getting ready to put 3 Squid reverse proxy servers into production
and I'm looking for the best distro to do this with and the best way to
maintain Squid updates. I'm familiar with CentOS 4.3 and would like to
use that distro but found that Squid 2.5 STABLE6 is the latest version
for CentOS 4.3. Any reason why such a popular program like Squid would
not be updated for CentOS (Red Hat Clone)? I prefer to use up2date or
yum to update packages. Anyone have any suggestions for me?
Like you said, CentOS is a RedHat "Clone". To be more exact, it
simply gets the source RPM packages from the RH enterprise distros,
and recompiles them (modifying only what is strictly needed).
So, it could be considered an enterprise linux distro (without
commercial support, that is), updating packages and fixing stuff only
when RedHat does the same on RHEL. This means that all policies
regarding this distro (packaging, updating, bug fixes and security bug
fixes) take into account that the product is targeted to an "enterprise
client" (that's the most important phrase in my message).
For a long time, "enterprise clients" asked for an enterprise
linux (and there were none). RedHat was the first to fix this issue,
building an enterprise version of its Linux (called RHEL). By
enterprise, they meant an operational system which was stable,
scalable, well supported and with a distant EOL date. So, the paradigm
for this kind of distro is way different from the ones end users and
small companies use. We can sum the basic changes in a few lines:
- The life cycle of an enterprise distro is way longer than a normal
distro. To get the picture, just compare the EOL date of any Fedora
Core version, with any version of Solaris, or even better, Windows.
For the matter, Windows 98 finally ended its "cycle of life" (EOL)
this month. RHEL usually has an EOL date of 5 years from the date it
was launched (and even more, if the market asks for it).
- The enterprise distro is not meant to be bleeding edge. Alas, no
software is upgraded to the latest version. In truth, developers do
the most they can to stay using the same version of any package or lib
for the lifecycle of the product. We can break this statement in two
parts:
- package updates are made only when security bug fixes are found.
Also, the package is not updated to a newer version, but instead, the
fix is backported to the current version. If you take a look at RHEL
4.x, you'll see that it contains thousands of packages. To stay
"feature freeze", you must guarantee that all packages are 100%
compatible between updates (try to do an automatic update of squid
2.5-stable6 to squid 2.6-stable1, and see if it works at all).
- developers take much more care about updates, and usually, stay
away from "functionality" fixes (unless the bug makes the software
useless). So, the number of package updates is far greater on end user
distros, when compared to enterprise distros. Also, those updates are
usually delivered in batches (think of Microsoft service packs. RedHat
does the same with RHEL).
Finally, on RHEL 4, squid 2.5-stable6 is not really the "stock"
squid 2.5-stable6. The latest RPM package contains dozens of patches,
fixing any known security bug for this version, and a handful of
feature fixes.
For a stable and secure (enterprise) environment, I'd recommend
all users to stay with the vendor's packaging and updating, and let
the administrator deal with other tasks.
I agree with all that you said up to this point. This line, I have to
(partially) contest. If you are paying for RHEL (and therefore paying
for the support it offers), then by all means, use the packages offered,
and report bugs to RedHat. If, on the other hand, you are using a clone
distribution (CentOS, WhiteBox, etc.) then your support is going to be
supplied by the community. If you want the Squid community to support
your Squid install, please, please, PLEASE don't use the stock distro
packages. They are not current. There are too many non-standard,
back-ported changes. If you want stability, hang back a release or two
(pick one with few bug fixes, and apply the patches), and let others
shake out the problems with the new releases. But don't ask the
community to support the Frankenstein's Monster released by the vendor.
OB: I've worked at Conectiva, which was a former member of the United
Linux Consortium (another flavor of a boxed Enterprise Linux). It was
even one of the few distros "recommended" to run Oracle 9i. So, I
didn't "invent" anything. This is just what the commercial distros do,
when building an Enterprise product (for enterprise clients).
FWIW, I'm a RHCE (though it's not current), and a big RedHat fan. I run
CentOS 4 on my Squid servers and currently my most up-to-date Squid
install is 2.5S11. I have no further affiliation with the Squid community.
Regards,
Domingos.
To the original poster, one of the Squid developers (Henrik Nordstrom)
was keeping up to date RPM packages of Squid. I'm not sure if he still
is, and I don't feel that it's my place to supply the link in any case.
Chris
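
An added example, not part of the original thread or of any vendor's tooling: because backported fixes do not change the upstream version string, the package changelog is where to check which security fixes a vendor build of squid 2.5.STABLE6 carries. The changelog text, release strings and CVE ids below are constructed placeholders; on a real system the input would come from `rpm -q --changelog squid`.

```shell
#!/bin/sh
# Map each CVE id mentioned in an RPM changelog to the package release
# that introduced the fix. Reads changelog text on stdin.
fixes_by_release() {
    awk '
        # Entry header: "* <date> <packager> <version-release>"
        /^\* / { rel = $NF; next }
        {
            line = $0
            # A single changelog line may mention several CVE ids.
            while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
                print rel, substr(line, RSTART, RLENGTH)
                line = substr(line, RSTART + RLENGTH)
            }
        }'
}

# Constructed sample changelog; the ids are placeholders, not real advisories.
sample_changelog() {
cat <<'EOF'
* Tue Mar 07 2006 Example Packager <pkg@example.com> 2.5.STABLE6-99.example.2
- backport upstream fix for CVE-0000-0003
* Mon Sep 12 2005 Example Packager <pkg@example.com> 2.5.STABLE6-99.example.1
- fix CVE-0000-0001 and CVE-0000-0002 (patches backported to STABLE6)
- fix init script typo
EOF
}

# Answer "is this CVE fixed in the installed build?" from changelog text.
# Usage: <changelog> | has_fix CVE-XXXX-YYYY   (exit status 0 = fix listed)
has_fix() {
    fixes_by_release | awk -v id="$1" '$2 == id { found = 1 } END { exit !found }'
}

# Live system equivalent: rpm -q --changelog squid | fixes_by_release
sample_changelog | fixes_by_release
```

The upstream version stays at 2.5.STABLE6 in every entry while the release field increments, which is why a version-only comparison against upstream advisories misreports a patched vendor package as vulnerable.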