Hi,
On Sun, May 18, 2014 at 4:32 AM, Marcus Kool
<marcus.kool@xxxxxxxxxxxxxxx> wrote:
The statement that RPMs add an unnecessary component that may need debugging
is utter nonsense.
In fact, it's technically factual. Some may find it useful in other
ways, but the following facts remain:
It's only your version of the facts, that is, your own *opinion*. But
when you state it in such absolute terms, you do a disservice to the
community, because many newbies will take your opinion as a real fact
and loose the oportunity to have something that could be way better for
their particular setup.
So I'm sorry Amos Jeffries, but I have to continue this thread a little
longer. ;-)
1. It's unnecessary - Squid does not need RPMs to install, or run.
If package management is so unnecessary, why all major linux distros
were built around this concept? Why aren't more people using "Linux from
scratch" to build their production servers? Why don't you build your own
kernel, gcc, bash, openssl, etc?
2. It may not work the way you expect, so you have to debug the
unnecessary component.
RPM and DEB infrastructure provides a really nice debugging
infrastructure. Just learn how to use it. :-) Besides, your own build
also may not work as you expect, and for most sysadmins, who are not
system-level programmers, finding the cause may be harder than with rpm
or deb packages.
If you install something from a properly built RPM or DEB package, you
get configuration management, something no sysadmin should ever live
without. The package manager knows your binary files checksums and can
check they were tampered with. The package manager knows your binaries
depends on system shared libraries, and won't let you install without
them -- most will even download all your system is missing -- and won't
let you remove something other packages depends upon.
Without package management, you'll have do do yourself this management.
You may end up with lots of software (libraries and binaries) which the
system does not know where they came from, nor how they are related. In
the long run, it gets much easier to break something than with package
management.
Not only your squid binaries need security updates, but all libs and
other binaries it depends on need those updates. One big cause of
vulnerabilities are outdated libs embebbed in some software
installation. Your distro will provide you timely updates, easy to
apply, but only if you do use package management. If you don't, it gets
much easier to end up with a vulnerable squid installation.
Squid is not a special case. All reasons to use package management apply
as well to squid as to any other server software. Of course you can do
the right thing with build-your-own, but you'll have more work to do,
more changes do forget about something, more room for mistakes.
Most sysadmins won't live on the edge. I belive for most of them rpm/deb
packages will be way better. If compiling your self works for you, and
you do know all the implications of this, you do all your homework to
keep your server stable and secure, fine. But it is my opinion that it's
a little irresponsible to advice this as the "better" choice for everyone.
PS: If you do want to build youself (say to try latest development code)
take the time to use your distro -devel packages. Try to build the
mininum set of software yourself and relay on the biggest set of
distro-packaged software you can. Better yet, build your own squid from
SRPM packages, so you can have your custom binaries and yet have all
package management features. Those are not exclusive choices. :-)
[]s, Fernando Lozano
