Search squid archive

Re: configuring Eliezer RPMs for CentOS 6 for SMP

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

 



Hi,

On Sun, May 18, 2014 at 4:32 AM, Marcus Kool
<marcus.kool@xxxxxxxxxxxxxxx> wrote:
The statement that RPMs add an unnecessary component that may need debugging
is utter nonsense.
In fact, it's technically factual. Some may find it useful in other
ways, but the following facts remain:
It's only your version of the facts, that is, your own *opinion*. But when you state it in such absolute terms, you do a disservice to the community, because many newbies will take your opinion as a real fact and loose the oportunity to have something that could be way better for their particular setup.

So I'm sorry Amos Jeffries, but I have to continue this thread a little longer. ;-)

1. It's unnecessary - Squid does not need RPMs to install, or run.
If package management is so unnecessary, why all major linux distros were built around this concept? Why aren't more people using "Linux from scratch" to build their production servers? Why don't you build your own kernel, gcc, bash, openssl, etc?

2. It may not work the way you expect, so you have to debug the
unnecessary component.
RPM and DEB infrastructure provides a really nice debugging infrastructure. Just learn how to use it. :-) Besides, your own build also may not work as you expect, and for most sysadmins, who are not system-level programmers, finding the cause may be harder than with rpm or deb packages.

If you install something from a properly built RPM or DEB package, you get configuration management, something no sysadmin should ever live without. The package manager knows your binary files checksums and can check they were tampered with. The package manager knows your binaries depends on system shared libraries, and won't let you install without them -- most will even download all your system is missing -- and won't let you remove something other packages depends upon.

Without package management, you'll have do do yourself this management. You may end up with lots of software (libraries and binaries) which the system does not know where they came from, nor how they are related. In the long run, it gets much easier to break something than with package management.

Not only your squid binaries need security updates, but all libs and other binaries it depends on need those updates. One big cause of vulnerabilities are outdated libs embebbed in some software installation. Your distro will provide you timely updates, easy to apply, but only if you do use package management. If you don't, it gets much easier to end up with a vulnerable squid installation.

Squid is not a special case. All reasons to use package management apply as well to squid as to any other server software. Of course you can do the right thing with build-your-own, but you'll have more work to do, more changes do forget about something, more room for mistakes.

Most sysadmins won't live on the edge. I belive for most of them rpm/deb packages will be way better. If compiling your self works for you, and you do know all the implications of this, you do all your homework to keep your server stable and secure, fine. But it is my opinion that it's a little irresponsible to advice this as the "better" choice for everyone.

PS: If you do want to build youself (say to try latest development code) take the time to use your distro -devel packages. Try to build the mininum set of software yourself and relay on the biggest set of distro-packaged software you can. Better yet, build your own squid from SRPM packages, so you can have your custom binaries and yet have all package management features. Those are not exclusive choices. :-)


[]s, Fernando Lozano







[Index of Archives]     [Linux Audio Users]     [Samba]     [Big List of Linux Books]     [Linux USB]     [Yosemite News]

  Powered by Linux