Red Hat Linux 9 Reaches End-of-Life 470
egburr writes "Well, today is the last day for Red Hat Linux 9. The Fedora Legacy Project is supposed to start legacy support. I am still planning to stick with RHL9, for a while at least. How many others are planning to do the same? How many are switching to Fedora? How many are switching to some other distribution altogether? How many have already switched? For people still using earlier levels of Red Hat Linux (6.x,7.x,8), how well has the Fedora Legacy Project worked for you?"
WSAD (Score:4, Informative)
Re:WSAD (Score:4, Informative)
Re:WSAD (Score:3, Insightful)
Redhat's screwing themselves with this artificial version numbering and BS support tactics. They're going to lose all the developer mindshare they've fought the past 8 years for.
Redhat's going to get bought out or Novell will rise to take their place.
Re:WSAD (Score:3, Insightful)
Re:WSAD (Score:5, Informative)
question (Score:5, Insightful)
Re:question (Score:5, Interesting)
SuSE is pretty good for a "supported" distro. Debian is good all around... unfortunately the marketing droids at Redhat have convinced management that it is important that their distribution be "supported".
We're seeing problems like this: Vendor A gets their feet wet in the Linux arena by targetting Redhat 8. Vendor A supports their product on Redhat 8. Vendor A doesn't want a lot of hassle from this, Redhat 8 is a perfectly valid modern operating system which should continue to be supported until the OS is genuinely outdated.
Redhat announces that support for Redhat 8 is dropping off. Management says "Oh no, we have to migrate to RHEL 2.1". Vendor A says "we haven't migrated to RHEL 2.1, we're still only supporting Redhat 8." Security says "Hey, you can't run that, it's not secure anymore.".
Vendor A is faced with two options: Figure out what this RHEL 2.1 crap is and update their support documents, or dump Linux support. Since Redhat jumped ship for support so quickly, and there was no good reason for the version incresase other than a cash-grab on their part... loyalty goes out the window.
Vendor A drops Linux support, developers targeting Vendor A's product port their apps to the supported version of Unix.
The long-term outlook, I see three scenarios:
1. IBM steps in... "Holy S#$T, our customers are being hosed on Linux support by our friends Redhat! Redhat better fix it or we're going to pick up where they left off... we should also look into buying them, we may as well save the brand if we're keeping their promises. This is bad."
2. Novell steps in "Remember us? We still support your old legacy NetWare stuff, we're a good company who's been around for decades, we're doing this Linux thing with SuSE. Want to try Linux again? We're already the distro of choice on IBM's big iron."
3. Developers never touch Linux again.
(If you're gonig Fedora, you might as well go Debian or even FreeBSD. They have better track records)
Re:question (Score:3, Informative)
Re:WSAD (Score:4, Informative)
That said, I work for IBM, and I'm using an internal version probably newer than what's available externally. If the above trick doesn't work for you, post your exact problem or an email address and I'll try provide some more assistance.
I'm already using fedora legacy (Score:5, Interesting)
No complains.
apt-get update && apt-get dist-upgrade from fedora legacy work flawlessly.
Re:I'm already using fedora legacy (Score:3, Informative)
Re:I'm already using fedora legacy (Score:3, Informative)
Fedora Core is community-supported distribution, much like RHx.x was.
Fedora Legacy is a community-supported bugfixes/updates effort for old redhat systems currently not supported by redhat itself (for RedHat distributions from 7.2 to 9.0).
They usually take old packages, native to these old systems and apply back-ported security patches to them.
That's for people that cannot/don't want
Re:All my RH Boxen belong to god. (Score:3, Informative)
You can install apt-rpm or yum and update every version of RH starting from 7.2
It's just a matter of typing apt-get update && apt-get dist-upgrade with repositiories pointing at download.fedoralegacy.org. I use this for about a year already and didn't get a single problem.
They have ALL security patches backported by redhat itself or comunity.
I don't beg you to stay on redhat, use everything you want. I myself have to support a dozen of 7.2, 8.0, 9.0 boxes. Fedora legac
The hat (Score:3, Funny)
SuSE (Score:3, Interesting)
Re:SuSE (Score:4, Interesting)
Re:SuSE (Score:4, Informative)
Fedora Core 2 (Score:5, Insightful)
Re:Fedora Core 2 (Score:2)
I am looking forward to FC2 though. I just wonder if power management will ever work correctly with my laptop though.
Fedora Legacy != Fedora Core (Score:4, Informative)
Re:Fedora Core 2 (Score:3, Interesting)
Debian (Score:2, Informative)
Re:Debian (Score:5, Interesting)
When did this happen'?
Redhat just moved people distro where it belongs. Between people.
Redhat still supports development in Fedora, and even funds it. Funny I've been noticing only improvements (since the change) and no stepbacks. Fedora is just as supported as RH ever was, no better, no worse (except there's much more choices now, yum instead up2date, and more public repositories). You'd notice if you try to search package for RH9 and same package for Fedora.
I really don't know what is people problem with Fedora and neither does anyone that didn't jump to conclusion before even trying.
Re:Debian (Score:3, Informative)
Well, "stepbacks" is sort of relative, isn't it? I mean, I left Red Hat after being a die hard user since the 6.2 days when 8.0 came out. My decision was confirmed with 9. Given the quality of those releases, it
Re:Debian (Score:5, Interesting)
I run Fedora on my server and I can tell you that it lacks nothing, for your info, it's only gains against RH9.
Few questions:)
Why do you think that you need server version. I have two of them but can't realize why small enterprise would need RHES. Yes, there are gains for enterprise (I mean ENTERPRISE) but (for SME) other than paid RH support there's nothing, and even that is needed only in case that in-house lacks administration or administration is not good enough.
Does Debian do server version, you said you changed to debian and now you cry about server?
What does RH9 and Debian offer (on server part) that FC1 doesn't (I already told you that support lacks nothing, it has only gotten better)?
Enterprise Version (Score:3, Interesting)
This is worth money when your responsible for a significant number of servers, and this is what you pay for. When everyone is running Linux 2.8 or 3.0 or whatever is after 2.6, Redhat Enterprise Linux 3 should still be secure and supported on the servers its deployed on.
This will not be the case for Fedora
switched to Debian (Score:3, Interesting)
Re:switched to Debian (Score:3, Informative)
July 1997
Redhat 4.2
December 1997
Redhat 5.0
May 1998
Redhat 5.1
November 1998
Redhat 5.2
April 1999
Redhat 6.0
October 1999
Redhat6.1
September 2000
Redhat 7.0
April 2001
Redhat 7.1
October 2001
Redhat 7.2
May 2002
Redhat 7.3
September 2002
Redhat 8.0
March 2003
Redhat 9.0
so did they (Score:5, Informative)
My brother's company did pretty much the same thing. Actually, I'd like to elaborate, since the person who asked (and others) may want some reasons to go with the move, and I got all the details.
So first here's the WHO: they are a small web development company. They have several development servers and a couple of deployment servers. They were running Red Hat, all the same version (the kernel configuration and the actual packages installed differred from the production to the work machines). They were using pretty much everything from RPM's, except for some central webdev things (Apache, PHP, Postgres) which they compiled from source because they needed special settings for them. They host they own servers and bandwidth is not a problem.
Now the HOW: They started with one of the development machines, by making a new root partition in the unused space. They chrooted in it and unpacked the base stable Debian tarball, then set up the apt sources to some nearby mirrors and fired up an upgrade to testing (it was a chroot, so networking was already up) as well as apt-get'ting whatever packages were needed to replicate the original environment.
Next they recompiled the kernel and those special apps I mentioned before, and copied over the work resources (projects and stuff). After a Grub setup and a reboot, it worked fine (just a few details to iron out). The whole thing took about an hour and a half (skilled guy doing it, I guess).
Next came about a week of testing. When everything turned out fine, they made a backup of the entire testing machine and then moved the Debian partition to the start of the disk and reorganized it with whatever other partitions were needed (/var, /tmp, swap).
Made an image of the disk, ghosted it to the other machines, restored work environments from backup, and they were done. Actually, the production machines were a bit tricky, but only because they had to make each of them serve everything while the other one was being changed. Plus they had to cross-compile the kernel and the webdev packages for them on the work machines, but they did that all the time already.
And now here's the WHY: why Debian? Because they were looking for: the lowest cost (cheap bastards); no support needed (they relied on their own syadmin -- yeah, one guy); painless package updates, from a variety of nearby mirrors; a distro similar enough to Red Hat so as not to need too much adjusting for the people; another end of life as far away into the future as possible (didn't fancy doing this again in 12 months). They felt that Debian and Slackware would fit the bill, because they were the oldest and most reliable Linux distro's around. (Eventually Slack got booted--you can guess why.)
Finally, a brief overview of why they rejected other choices: Red Hat = too pricey, life-time too short, plus it would imply a reinstall anyway; Gentoo = they felt that compilation and servers don't go very well together, plus Gentoo is too young; SuSE = it came very close, but the beancounters pushed for as little spending as possible; Mandrake = they felt none too sure that it won't dissapear suddenly someday, given it's history of financial problems; any BSD = too much a step from Red Hat. (Fedora wasn't yet a serious option at the time.)
Some of you are probably gonna say they're cheap bastards who wouldn't give back to open-source by at least investing in some support. What can I say, except "small company, gotta cut the expenses to stay ahead these days". The whole switch took a little over one week and cost them just a bonus for the sysadmin.
Re:switched to Debian (Score:3, Informative)
Because if not, and I know almost no one who does except on super-crit servers, debian CONSTANTLY rolls over.
Fedora rolls over the same as debian, it's just that they hard-version it every ~6 months. They are versioning it time based rather than goal based so that if you install the "newest" fedora core, you will be at most 5.999 months behind.
Also, since they've moved to yum and apt-get, a new "version" simply means that you change the "1" in release-ver t "2," then run "yum upgr
Java Desktop System (Score:4, Interesting)
Looking at JDS myself.
Stuck with what works (Score:2)
seems to run GNOME with any decent speed is Red Hat 8.0. Whenever I try more recent distros like Gentoo/Knoppix the GUI is extremely slow in comparison.
Knoppix would be totally awesome if they had a lean version or an easy way
to uninstall some of the software that comes with a full system
installation.
Re:Stuck with what works (Score:3, Informative)
Huh? How about dpkg -l to get the full list of installed packages and apt-get remove <unwanted packages>?
Short life span ? (Score:3, Interesting)
Or is this being done to give their commercial offerings a little more real estate ? Fedora may be the "new" Redhat Linux, but some of the more idiotic corporate users they won't have the synaptic ability to Google that correlation, and will be led to believe that RHL is no longer a "Free" "Hacker" "Distribution" but rather a "mature" "enterprise" "solution".
Aww heck it's a theory.
Re:Short life span ? (Score:5, Informative)
RedHat came out to our center last year to do a presentation. One of their claims is that Linux moves too fast for some Enterprise developer's tastes.
An enterprise application developer will get done certifying that a specific build of RedHat will work with their application to their satisfaction when they realize that the official, stable build of several libraries have already jumped a few increments. Which, of course, invalidates their entire QA process.
RedHat decided to handle this issue by developing a slower-moving "Enterprise" target. This offers a more stable and predictable platform for enterprise application developers to develop for, QA, and then provide support for their products on that certified platform.
This was before the Fedora project had been announced. However, even at that point, they were saying that the RedHat Linux we all knew would be the faster-paced, more bleeding-edge version.
Just switched... (Score:3, Interesting)
I installed Fedora 1 with the same services and only got back the openssh bug, and that was easy to update from source. Yeah, I know I can patch 9 from source myself but it's too much of a pain in the ass to do regularly. I'd rather have something newer just because there's less to patch. It's like racing against the hackers. I'd rather start at the pole than at the back of the pack where they are.
Re:Just switched... (Score:5, Informative)
Nessus just looks at the version, because trying the actual expoit is too risky on running systems, many exploits crash the system (or at least the daemon) in the process of exploiting them.
I went to SUSE (Score:2, Interesting)
I Already Use Fedora Because ... (Score:2)
___________
naija geek [afriguru.com]
With RH 7.3... (Score:3, Informative)
mmm, tasty (Score:2, Informative)
white box linux (Score:5, Informative)
Check it out at: White Box Linux [whiteboxlinux.org]
Re:white box linux (Score:3, Informative)
If you are interested in "Whitebox Linux", most probably you would like to try out CentOS.
CentOS is the same idea that whiteBoxLinux, with a few differences:
- CentOS is a community driven project, instead of a one-man-show.
- CentOS cares about security updates.
- CentOS has several "flavours" to suit yo
I am not a "pirate" (Score:5, Informative)
> from its very movement.
As the alleged "pirate" in question, allow me to disagree. Those who need the SUPPORT offered by RH should purchase RHEL3. Those of us who DON'T need the support shouldn't since RHEL3 is 100% Free Software. Red Hat does not sell software since that would be kinda daft, it being Free Software and all that. What they sell is support and if you are the sort of site deploying an Oracle box you will be writing them a check just like you wrote one to Sun when Oracle was sitting on an UltraSparc.
Basically, WhiteBox should be thought of a product between Fedora and RHEL, offering the longer deployment window and most of the stability of RHEL but with the community support more like that of Fedora.
And I have heard my little project from the swamps of Louisiana mantioned by several RH people, but never disparagingly. So if they don't have a problem with what I (and the cAos, tao, etc. rebuild efforts) am doing why don't you hold off on condemming me for another couple of years, until you learn a little more about how the Open Source/Free Software ecology actually works.
Re:I am not a "pirate" (Score:3, Interesting)
I don't think anyone has any problems with white box. If you want conservative and you don't want any support or guarantees then it may well fit better than Fedora.
I think for the average hacker however RHEL3 and White Box are not going to appeal that much, because they are older software - that people are sure works or k
Mandrake... for now (Score:2, Interesting)
Will it stay that way? Probably, at least until I see a reason not to.
work servers (Score:2)
Remote upgrade to Fedora Core 1? (Score:3, Interesting)
Re:Remote upgrade to Fedora Core 1? (Score:3, Funny)
Re:Remote upgrade to Fedora Core 1? (Score:4, Informative)
Grab the yum package and fedora-release
Install these two
Now (works around a missing dependancy that might otherwise bite people)
yum upgrade e2fstools krb5-libs
yum upgrade rpm
# You want the newer rpm early
yum upgrade
and it should just work.
No guarantees but its working fine for me. Getting to FC2test3 is best done by CD. I'm going to play with yum updates once FC2 is out but things like the Xorg config file changeover make it hairier
Re:Remote upgrade to Fedora Core 1? (Score:5, Interesting)
I did this with a laptop at work. I installed apt-get for RPM. Modified my sources. Did an "apt-get update" followed by an "apt-get dist-upgrade" followed by an "apt-get upgrade" to finalize a few trailing edge packages. It all went fairly smoothly.
There was one odd bug having to do with some library for GNOME that, once I had it figured out, required removal and re-installation of the appropriate package. Sorry - I forget the details. None-the-less... I was half expecting to have to reload the thing. Went fairly well.
Of course - this is a laptop sitting in front of me. Keep in mind that my very tired and currently fuzzy memory may not be recalling anything that would have caused massive heartache if I had been doing this process remotely.
YMMV.
Going slow. (Score:2)
Off RedHat (Score:2)
Who still uses an old version of Red Hat Linux? (Score:2)
I dumped Red Hat completely. (Score:2)
So I switched to Gentoo. It was a pain to set up, but I'm very happy with it now.
Nope (Score:3, Interesting)
Dealing With The End Of Life Of Red Hat Linux (Score:5, Informative)
I've written an article on this topic covering about a dozen alternatives, it's available at:r edhat-support.html [seifried.org].
http://www.seifried.org/security/redhat/20031230-
Your basic options are:
Continue using Red Hat Linux 7.x and 8.0
Continue using Red Hat Linux 9
Red Hat Advanced Workstation
Red Hat Advanced Server and Enterprise Server
Red Hat Fedora Linux
WhiteBox Linux
SuSE Linux
SuSE Linux Enterprise
Mandrake Linux
Mandrake Linux Enterprise
OpenBSD
FreeBSD
Solaris for Intel and Sparc
Windows 2003
Mac OS X Server
Re:Dealing With The End Of Life Of Red Hat Linux (Score:4, Informative)
MOD PARENT UP! (Score:3, Informative)
Re:Dealing With The End Of Life Of Red Hat Linux (Score:5, Funny)
Didn't you know...
"SCO UnixWare® is the solution for companies who place a high value on the scalability, reliability and security inherent in the UNIX® technology, but don't want the vendor lock-in or high server costs associated with proprietary platforms."
Re:Dealing With The End Of Life Of Red Hat Linux (Score:3, Informative)
Dropped RH7.1. Installed Debian unstable. Been doing regular dist-upgrades via synaptic since then.
Worked great for me.
Re:Dealing With The End Of Life Of Red Hat Linux (Score:5, Insightful)
I'm sure I misheard you saying:
And the reason at the top the list is "Out $75,000 per year administrators don't want to waste their time f*(^ing around making products only packaged for R'hat work on some other system rather than following processes we've already spent a lot of time validating and testing".
In a large enterprise setting, it makes a lot of sense to concentrate on one system - and that 0.03% difference is actually a lot more in some cases - in computer software it's more than enough for things to break in funny ways. To expose strange bugs in unexpected places.
I've already moved to Gentoo (Score:3, Interesting)
Fedora is awsome (Score:3, Interesting)
I have been using Fedora Core 1 at home and Fedora Core 2 beta on my work laptop since it became available. No complaints here!
switched to gentoo and debian (Score:4, Informative)
Now I run Gentoo on my workstation. I like the nerdiness factor, and package upgrading is super easy. Also, no full reinstalls every year, just emerge world and I'm happy.
On the server side we also got a little tired of the constant upgrade hell, and when Red Hat chose to EOL the standard 8/9 line, we decided to switch to Debian. In is in progress now, and I've been running it on my personal server for about three months, and I am very happy with it.
For me and my friends, easy, available upgrades that we can count on keep coming for years is really what is important.
Gentoo/Slackware (Score:3, Interesting)
Suse 9.1 Pro ISOs (Score:3, Interesting)
I've got a gut feeling that Novell's SuSE is going to eventually unseat RedHat as the #1 solution for server AND desktop, so I'd might as well dump my RH9 desktop for it now.
--
7.3 and going strong (Score:3, Informative)
Morphix (Score:3, Informative)
No looking back. I love it. Easiest Debian install I've ever done. I really like the Synaptic package manager too. I've used Slackware and various releases of Mandrake but from now on it's Debian and FreeBSD for me. FreeBSD for servers and Debian/Morphix on my Thinkpad.
Getting old, like things that are easier now.
Just upgraded last night (Score:3, Informative)
I was not amused to find that the graphical install does not work on my less than cutting edge system.
I was not amused further when I found out during the text install that selecting the option in Disk Druid to extend a partition to fill up the rest of the available space causes the install to crash.
After rebooting and entering in all the options again, I was able to install Fedora with no further issues.
After installation, I ran up2date which downloaded and installed the 120 some odd patches seemingly without a hitch, and was only somewhat hindered by the fact that the cron.daily and cron.weekly scripts decided near the end of the upgrade that it was suddenly time to execute, thus bringing the system to a screaching halt.
Finally, after the crons finished and up2date finally allowed me to click on the "Forward" button, I was able to log out and click "shutdown". It was at this point that the shutdown sequence promptly failed, and I was left staring at the blue Fedora background unable to log in and unable to switch to a virtual console. The three finger salute also failed to do anything productive, and I was forced to use the power button to make guacamole out of my filesystems.
All in all, I am quite a bit less than entirely thrilled with Fedora. YMMV.
Fedora Core and legacy (Score:4, Insightful)
One of my servers is still running RH 7.3, using the Fedora Legacy support. And the main faculty servers here are moving to RH Enterprise Linux.
The arguments that RH has shafted people are way off target. There are lots of options for people running RH 9, including keeping on doing so.
Danny.
Comment removed (Score:3, Insightful)
fedora legacy (Score:3, Informative)
I was about to upgrade to Fedora Core 1 when I found out about the fedora legacy project which I think is a very good initiative.
The community driven initiative seems to be lacking support though, for instance the openssl updates have been in "testing" for 4-5 weeks now and still hasnt made it into the released-pool of updates. Being free I know I cannot demand anything, but I can observe that it doesnt seem to be working as well as I thought.
I'll probably go to Fedora Core 2 when it's released, it'd be nice to get the 2.6 kernel.
We switched to Debian Stable (Score:4, Insightful)
And, you'll never end up with a knife in your back while some ivory tower asshole talks about how edu and SOHO customers are useless to the company's bottom line.
Sorry to sound so bitter... but RH still doesn't understand the fullness of what they've done to themselves. They *had* mindshare, they *had* the grassroot movement, they *had* Linux and the only real channel into Joe User's home (that's why MS is now giving Sun and IBM tough competition in the small server market).
Now, RH has a few hundred CIOs in corporate America and they *think* what they did was smart. 5 - 10 years and they'll be a has-been and it will be directly related to they way they fucked-up RHL.
No Fedora, I left for Knoppix-hd (Score:4, Interesting)
Updating to FC and RHEL, legacy isn't serious (Score:3, Informative)
Initially I'd hoped to take advantage of the Fedora Legacy [fedoralegacy.org] project, but they just don't seem serious. For example, one of their primary modes of distribution is via yum. They released packages for 7.2 and 7.3, but never for 8.0. I opened this bugzilla report [fedora.us] on it nearly two months ago. They're just ignoring it. Hardly the response you want to see from someone you're trusting for security patches.... Maybe someone will mod this up enough that they'll take note.
As a side note, I'm keeping White Box Linux [whiteboxlinux.org] in the back of my mind as an option if FC2 flops. The legal issues are still a little disturbing, though.
Redhat/Fedora user for a year now... (Score:3, Insightful)
With each release, there have been obvious dramatic improvements, from more useful features to performance improvements to bug fixes. Just to give an example of the improvements, I have recently been toying with Debian Sarge Beta 3... I was getting sick of Gnome 2.4, the slowness and buginess of Nautilus, etc... I also didn't like the small Fedora apt repositories.
I was planning on switching to Debian and KDE.
Today I downloaded and installed Fedora Core 2 test 3, just to give Redhat one last chance. Wow! Nautilus is really frickin fast! In fact, the entire desktop is extremely fast! The Evolution email client opens instantly, Nautilus windows open instantly, its very impressive.
Is it the new 2.6.x kernel included in Fedora Core 2? Is it the new Gnome 2.6 desktop? I don't care what it is, the fact is that I have a very coherent "desktop experience" with this latest Fedora Core 2 release candidate from install to posting on Slashdot
If you need rock hard stability, go with Debian stable. If you want a coherent desktop experience, then one good option is Redhat's Fedora. Yes there are others, but at least from my experiences... Fedora is a damn good choice!
Alternative to RH (Score:3, Interesting)
Primarily, I was doing this for patches and bugfixes. I also (being a non-profit) wanted a quick, easy cheap fix and little downtime. If a catastrophic failure occured on the primary, I'd just move the CAT5 cable to the backup server, change a couple settings, and the backup is the primary. Then I can turn my full attention to the smoldering dead server.
However, when RH announced their EOL set for this spring, I started looking around for a replacment server OS.
Prerequistites were:
FREE (non-profit = no budget in my case)
Support system
Ease of patch/upgrade
I have a friend who runs BSD. I personally love some of the features it BSD incorperates. I espcially love the ports system. I hated all the file tree seemed foreign compared to Linux-based distros.
I tried everything from Knoppix, Debian, Slack, Fedora, a few no-names I don't recall. I finally settled on Gentoo.
As mentioned above it is a "young" distro. I love the portage system for upgrades. I did a install based off a stage3 tarball, and had my server (P2/400MHz) up and running FULLY in about 10 hours. Granted, that is not an acceptable downtime for some, but I have a mirror-setup between my primary and backup server, making it very easy to change who is primary.
I have been using it for a Desktop for about a year and love it. As for a comparision between RH and Gentoo - RH has ease of "special" setups - Cyrus-sasl + sendmail, etc. But, Gentoo is much easier to patch IMO.
In essence, I was very impressed with Gentoo's overall arrangement and would recommend it to anyone trying to switch from a RH w/o X installed (If you relied on X-windows for configuration of your server, then Gentoo may be a little more complex than that).
But, that's just one former RH admin's opinion.
Re:Serious question (Score:4, Funny)
I'm glad... (Score:5, Funny)
I'm glad to be with you, Redhat 9... here, at the end of all things.
You cannot always be torn in two, RH. You must be one and a whole for many years. You have so much to enjoy, and to be, and to do...
Re:I'm glad... (Score:2)
That time wore a red hat.
That time was nine.
Re:I'm glad... (Score:3, Informative)
wait, what am i thinking. of course you know, this is
Re:no update for us (Score:5, Insightful)
How about the security updates?
Re:Mirror , just in case (Score:5, Insightful)
Not to be rude, but why should I download and install security patches from a site that is not an official mirror site?
Re:Mirror , just in case (Score:5, Informative)
You might have to track down a FedoraLegacy key. That shouldn't be too difficult.
FedoraLegacy packages should be signed by a key (presumably you trust the people running FedoraLegacy, otherwise you'd question why you should install updates from some random OSS project). If they have the signature, either the source is the original, or the keys have escaped FedoraLegacy's control. If the second one has happened, you're screwed. There isn't much you can do to show that the packages are correct at that point.
Unless you feel it's a major loss of time download the security updates, there's virtually nothing else for you to lose by downloading them from a mirror, if it's fast, and you have a fast connection.
Kirby
Re:Mirror , just in case (Score:3, Insightful)
It's not just a question about verifying rmp when downloading security patches from an unofficial mirror. With an official mirror it's likely that the mirror is complete and updated. You got it now?
Re:Mirror , just in case (Score:5, Insightful)
If your serious about security, you'll end up hand checking the RPMS that are on the list of the errata anyways. I've seen high quality mirrors out of date for days. I know kernel.org was out of date for at least a week from the RedHat security updates. I've seen several whitebox-linux mirrors out of sync for a couple of days. I've seen the redhat.com FTP site have the errata packages out at least a day before the errata messages. I actually confirmed it was an errata package with the maintainer before the errata message was posted to redhat.com's site (it was OpenSSH, and I hadn't heard publicly about the exploit).
If it really bothers you, rsync from any unofficial mirror, followed by an official mirror, and/or the primary site. I've done that on more then one occasion to take load off the primary site. I'd get the bulk of the updates/changes from the mirror site. If the mirror site is broken (which I've seen happen on several occasions) you get working packages via the primary site. Other then that, you never use the primary site. Generally, I've found that people who say they have working mirrors, in fact, have good working mirrors that are well maintained. People who post that they have mirrors, generally are pretty serious about mirroring for themselves.
Kirby
Re:Mirror , just in case (Score:3, Insightful)
-molo
Re:Mirror , just in case (Score:3, Informative)
-molo
Re:just a few more days till SUSE 9.1 (Score:3, Informative)
Re:just a few more days till SUSE 9.1 (Score:3, Informative)
Re:just a few more days till SUSE 9.1 (Score:3, Insightful)
Re:Slackware or nothin (Score:2)
Re:Who's responsible? (Score:5, Insightful)
If you don't trust them, then why the hell are you running the software they wrote?
Re:Who's responsible? (Score:5, Insightful)
I think if I was deploying it "somewhere that mattered" I'd use the Enterprise WS edition - and honestly what's so evil about that?
RH9 was a strange half way house - fast moving (like FC1) and supported (a bit) like Enterprise. I don't quite understand why we all miss it so much? For Enterprise work then WS looks like a good option, for home FC1 is really very nice.
So what's the problem again?
Re:Who's responsible? (Score:5, Insightful)
The answer to your question: The Fedora Legacy Project volunteers are responsible for the project. These are, essentially, SysAdmins who've volunteered to package the bug fixes and security patches that they already need to apply to their own legacy systems so that others won't have to.
You may not have personally meant it this way, but your words echo a common sentiment that people often voice where they want to know that if the product they are using fails that someone else's head is going to roll. For those who need that, buy commercial support.
Why have we created a culture of people afraid of personal responsibility (not you necessarily, just in general)?
Re:Who's responsible? (Score:5, Informative)
With a fedora rpm the actual code will most likely have been either written or reviewed by one of the thousands of professional linux coders be they paid by redhat, ibm or otherwise. Fedora just does the packaging.
Live & learn....
Re:changing (Score:5, Funny)
Coincidentally, so is the Ronco Shotime indoor rotisserie and BBQ.
Re:apt/yum and rpms (Score:3, Informative)
Take it from me; as long as you stick with sensibly built packages from trustworthy repositories (e.g. RH, Freshrpms), your RPM database will stay sane.
--
Re:FreeBSD is one giant leap for mankind. (Score:3, Interesting)
Same here. I've migrated over 700 machines for one of my clients from RHL9 to FreeBSD. It was dead easy, because they used standard apps that had nothing Linux/RH specific.
Actually, using FreeBSD was the best IT decision they've ever made. Thanks CVSUP, maintenance is now a dream, and the community support in mailing lists is outstanding!