Forgot your password?
typodupeerror
Operating Systems Software Linux

Gentoo On Server Considered Harmful 372

Posted by kdawson
from the not-a-desktop dept.
Siker writes in to point out his blog post — Why Gentoo Shouldn't Be On Your Server — which seems to have stirred up a lot of discussion, including a thread on the Gentoo forums. From the post: "I firmly believe in updating server software only when you need to. If you don't need new features, and things are working, why change anything? If you update anything you will undoubtedly need to update configuration files. You will need to fix things that break in the upgrade process... This is hard with Gentoo. Gentoo wants you to change a lot of stuff. It wants to be bleeding edge."
This discussion has been archived. No new comments can be posted.

Gentoo On Server Considered Harmful

Comments Filter:
  • by suso (153703) * on Sunday January 28, 2007 @11:27PM (#17795014) Homepage Journal
    At the same time, the "your system is always approaching the bleeding edge" way of doing things solves one problem that I've always been bothered by with running user servers for suso.org [suso.org]. Eventually, the OS on the server reaches the age where it is no longer supported and updates are no longer coming out for it. This isn't always X years where X is the number of years that a distribution claims to provide package updates for. Its usually X-1. This is because you'd be foolish to use the very latest hasn't been available for more than a day version of Linux. Usually you wait for 6-12 months for it to be mature and have special packages of whatever available for it. Then you spend another month or two setting up the machine and getting it ready for production. By that time, you've already burned over a year of support time. Then you get users onto it and now you only have X-1.5 years of support. On Fedora, this means practically no time is left. Upgrading such a system to the latest version of whatever distro means taking the server down for several hours to upgrade, hope to hell that special packages you've built and configurations aren't broken and in nightmare situations, roll back because something is broken and can't be fixed.

    The promise of Gentoo for me is being able to continually upgrade and never get outside of that window of support.

    I actually have a new shared user system that is running Gentoo that is kinda in beta right now. This article was very useful for me because it brings up those points about stability that concern me. Its kinda an experiment.

    I think I may try Debian next.
    • by lordsilence (682367) * on Sunday January 28, 2007 @11:37PM (#17795118) Homepage
      Gentoo has proven troublesome in a production environment.
      The problem isnt updating often... it's when you DONT update often.

      We had one system which we didnt bother to update. (Dont fix what isnt broken)
      Then one day we had to upgrade some of the services.. which in turn required lots of libraries to be upgraded.

      In the end, we had to upgrade kernel.. cause libraries didnt support 2.4 kernel.
      Stuff change too much in gentoo to put it simple.. It's easier to keep updating often

      emerge sync && emerge -u world
      Then iron out all config-changes. Find out which undocumented features were changed, which keys to add to startup script etc.

      Lesson learnt: Dont use gentoo on production systems. Run it on your desktop computer you play around with...
      • by Anonymous Coward on Monday January 29, 2007 @12:23AM (#17795480)

        Then one day we had to upgrade some of the services.. which in turn required lots of libraries to be upgraded.

        In the end, we had to upgrade kernel.. cause libraries didnt support 2.4 kernel.
        Stuff change too much in gentoo

        How is it Gentoo's fault that the services you run require updated libraries? How is it Gentoo's fault that the libraries you use require a 2.6 kernel?

        Seems to me the blame lies with the services and the libraries respectively, and performing the same upgrade would require the same kernel update on other distros too.

        • by Anonymous Coward on Monday January 29, 2007 @01:29AM (#17795924)
          In the case of Red Hat, they'll backport changes for you so that you don't need to upgrade 50 other packages in order to get a security patch for Apache to work.

          So in a way, yes, it is Gentoo's fault. It's just the way the distro is designed. Everything at the latest revisions possible. Great for a home system, not good for a server you have to maintain.
          • Re: (Score:3, Funny)

            by Hal_Porter (817932)
            in gentoo u just need emerge --backport --fuck-upstream --unrollloops [archive.org] --skip-rarely-taken-else-clauses --inlinelimit=9999999999999999999999
      • If you have more than one server, the best way to manage updates is to have one server (preferably non-production) on which you build and install binary package updates.

        These binary updates can be pushed out to other machines and installed once any config file issues have been ironed out on your package-build machine. For extra kudos, all machines can be used as distcc-servers so that package compilation can be accelerated.

        Finally, to reduce load on gentoo's servers and to help keep the machines in sync, th
        • Re: (Score:3, Insightful)

          by caitriona81 (1032126)
          It still begs the question... Should you really have to build software for a production server environment? (Yes, I know that Gentoo has the ability for binary packages, but their use seems to be actively discouraged by the culture, if not the documentation and the support channels as well.)
          Real production environments, at least at the enterprise level, are built around stable, well tested binary packages that just work, change control processes, updates that can be applied safely with minimal technical
        • Gentoo FTW (Score:3, Informative)

          by Rukie (930506)
          Gentoo has long been considered a hobbyists flavor of linux, and as much as I enjoy Gentoo as a hobbyist, I've come to learn that a slim hardned version of Gentoo will have almost no trouble at all. A slim server that requires minimal amounts of packages requires minimal amounts of updates, and runs extremely well.

          I also love that Gentoo has THEE quickest reaction time to security updates, leaving your competition vulnerable and you safe. I've got multiple computers running gentoo. One is my home desktop th
      • by dbIII (701233) on Monday January 29, 2007 @01:40AM (#17796004)

        Lesson learnt: Dont use gentoo on production systems.

        I would see that lesson instead as don't experiment on your production systems. Obsolete hardware is useful for testing out stuff like this.

        The reason I don't run gentoo on production systems is simply becuase I am not familiar enough with it and it is different enough from other distributions of linux and other versions of *nix to make things confusing. It's the same reason I don't use reiserfs - if it all messes up how can I or any moderately skilled linux user get things back into operation?

      • by arivanov (12034) on Monday January 29, 2007 @03:05AM (#17796498) Homepage

        The joy of portage all the way. Continuous upgrade versus release cycles. 15 years of dealing with both have convinced me that portage is good only in two places:

        • your own workstation where you want to look at how the bleeding edge looks before unleashing it on the unsuspecting user population. This one is updated continuously and rebuild as necessary.
        • single special purpose dedicated servers (not run of the mill 10+ servers with same load). You build these once and after that you leave them alone until they die (preferrably).

        Everything in between - forget it. Update hell, dll hell, etc. If you use portage (either the BSD or Gentoo incarnation) you die and releases are the exact and only solution to this. You can stamp servers with a "released" OS out of workshop by truckload and you can be more or less confident that updates will not break a lot of things. The only problem is upgrades to next release but if you are using The One OS to rule them all [debian.org] even that is not a problem.

      • by lRem (914073) on Monday January 29, 2007 @04:58AM (#17797030) Homepage
        Gentoo has proven all right in my production enviroment - and that is an ISP.
        First reason, is that you don't have to upgrade those production machines all that often. I sit down and read any security advisory that seems to affect me. And, not surprisngly, there are actually very few remote vulnerabilities that hit Gentoo-hardened. Furthermore, those tend to be in software right in a leaf of the dependency tree, or software I might consider disabling (or limiting to trusted hosts) to the next maintainance cycle.
        And there comes it - once in 6 months a massive emerge -uDB world && emerge -uDk world && revdep-rebuild && perl-cleaner (better don't omit the latter two). The system is nicely trimmed down and the build runs on a few machines I have available, so it doesn't take any epic amounts of time. In fact, I even seen it done within half an hour. Still, back when it did take a better part of the day, I simply run the first command a day earlier and then used the packages, what of course is a breeze.
        Finally comes the configuration updating. I haven't seen it easier anywhere. The first nice thing is that Gentoo developers don't toy around them - they usualy come as the original software developers intended. But what really makes a difference is the toolchain. By far, I have seen no other distro that automagicaly within the standard package system uses revision control for configs. And then, it gets the trivial updates done for me, and puts me into vimdiff anytime any decision is required.
        At most times, this means no downtime at all, as everything runs smoothly. In case of a kernel upgrade, or anything going wrong (once till now), we still have redundancy. So there are no visible drawbacks of using Gentoo on those servers... Unless I, and my boss, am missing something.
        • Re: (Score:3, Interesting)

          by iabervon (1971)
          You're still *reading* security advisories? "glsa-check -f new" or "glsa-check -l affected" But you should be aware that Gentoo doesn't do glsas for the kernel, which may be important to an ISP and is not entirely obvious.

          Gentoo does reasonably well with configuration stuff (certainly better than any other system I've seen), but I still think it should be better; it'd be really nice if upgrades that change config files would be built but not installed, and then you'd be guided through updating the config fi
    • Redhat 6.2 (Score:5, Funny)

      by flyingfsck (986395) on Sunday January 28, 2007 @11:42PM (#17795160)
      Don't fix it if it ain't broke: up 292 days, 22:26 The reason for the short uptime, is PSU upgrades...
      • Re: (Score:3, Insightful)

        by suso (153703) *
        I ran RedHat 6.2....... 8 years ago. Dude, that's not too cool. IMHO, that was back when there were some more serious remote exploits.
      • Re:Redhat 6.2 (Score:4, Interesting)

        by Blkdeath (530393) on Monday January 29, 2007 @03:45AM (#17796676) Homepage

        Don't fix it if it ain't broke: up 292 days, 22:26 The reason for the short uptime, is PSU upgrades...

        My Gentoo system was up 309 days [snerk.org] before I realized that the PSU fan had stopped turning and the motherboard overheated and blew 6 capacitors which is why the clock got so far out of sync (the computer thought it was April when I rebooted it back in November) which explains the graph weirdness.

        Prior to that I had an uptime well over 200 days ruined by a blackout that outlasted my UPS.

        I perform updates here and there on my server periodically and perform a full-scale "bleeding edge" upgrade whenever I'm forced to reboot the machine.

      • Re: (Score:3, Interesting)

        by dmayle (200765)

        I've got to admit, I've got a relatively short uptime right now on Gentoo, only 98 days, 15:27. (There was a power outage due to a storm.) But in that time, I've upgraded versions of asterisk, postgresql, apache, squid, samba, PHP, and mythTV. I've also recompiled the system using a new compiler, and the only service downtime I had was when the recompile of PHP was finished, merging it in crashed Apache. Total downtime? Less than 15 minutes. Now this is a home server, and I wouldn't be nearly so aggre

    • by Fyre2012 (762907) on Sunday January 28, 2007 @11:47PM (#17795208) Homepage Journal
      The promise of Gentoo for me is being able to continually upgrade and never get outside of that window of support.
      I agree. Every now and then a program's latest version doesn't agree with a config script somewhere, but that's what etc-update is for. If something borks, you can always ask the gentoo forums [gentoo.org], which is an invaluable source of information for all things gentoo. That and the gentoo-wiki [gentoo-wiki.com].

      Also, no one is 'requiring' anyone to upgrade. I administer hundreds of gentoo servers and you don't always need to keep up to date to be secure. Part of the nice thing about gentoo is that you're only installing the packages you need, so if you know of a vulnerability in a script you use, you don't have to upgrade your whole portage tree just to plug a hole.
    • by ePhil_One (634771) on Sunday January 28, 2007 @11:48PM (#17795228) Journal
      Then you get users onto it and now you only have X-1.5 years of support. On Fedora, this means practically no time is left.


      Which is why IT Pros prefer Red Hat Linux or its unencumbered variants link CentOS, White Box, and Scientific. Better testing up front thanks to the Red Hat gang, and longer shelf life. Which is why most commercial software chooses to support it first, it provides a stable base.

      • by oGMo (379)

        Which is why IT Pros prefer Red Hat Linux or its unencumbered variants link CentOS, White Box, and Scientific. Better testing up front thanks to the Red Hat gang, and longer shelf life. Which is why most commercial software chooses to support it first, it provides a stable base.

        Not really. "Pros" typically don't care about platform-delivered apps, and they certainly don't care about crap like various RedHat knockoffs. Stability is OK, but in the end it comes down to one thing: paid support. Which is wh

        • by runderwo (609077)

          Stability is OK, but in the end it comes down to one thing: paid support.
          It would seem to me that the availability of these two features in a particular distribution would be highly correlated.
    • by mcrbids (148650) on Monday January 29, 2007 @12:05AM (#17795358) Journal
      Then you get users onto it and now you only have X-1.5 years of support. On Fedora, this means practically no time is left.

      What kind of dope uses Fedora on a production server?

      Use CentOS - I'm running CentOS 4, and anticipate not having to do *ANYTHING* to my production systems except use them, keep them turned on, and keep them updated (which is about 5 min/week) until 2010 or so.
      • Re: (Score:3, Interesting)

        by suso (153703) *
        What kind of dope uses Fedora on a production server?

        Here is where I make myself sound like an old man talking to his children about walking through the snow both ways. I knew someone would have to make a remark like this.

        I've been using RedHat and thus Fedora for 10 years now. I started out on Linux on the RedHat track. And thus I'm more familiar with it. CentOS wasn't even in diapers and there weren't many other choices. Now that there are things like CentOS, I've actually gotten tired of dealing wit
      • CentOS updates (Score:2, Interesting)

        by Kadin2048 (468275)
        At risk of exposing my ignorance here (I'm a Debian person; the last time I did anything RedHat-based was before automatic package management), what is CentOS's automatic-update feature like? Does it have one?

        I assume it uses yum, or something like it, being RedHat, but does it pull from RedHat's servers directly, or are there separate CentOS repositories? I assume it's the latter. In that case, how closely do the CentOS repos track the 'official' RHEL ones, in terms of patches and bugfixes? Not that you'd
        • Re:CentOS updates (Score:5, Informative)

          by DA-MAN (17442) on Monday January 29, 2007 @01:40AM (#17796000) Homepage
          At risk of exposing my ignorance here (I'm a Debian person; the last time I did anything RedHat-based was before automatic package management), what is CentOS's automatic-update feature like? Does it have one?

          Yes, it's yum.

          I assume it uses yum, or something like it, being RedHat, but does it pull from RedHat's servers directly, or are there separate CentOS repositories?

          CentOS Repositories

          In that case, how closely do the CentOS repos track the 'official' RHEL ones, in terms of patches and bugfixes?

          The official RHEL ones are publicly available, and tracked by CentOS very well. The only changes they make are for trademark requirements. Thus far it has been bug for bug compatible with RHEL.

          Not that you'd probably want to do it on a true 'production' system, but can you do the CentOS equivalent of 'apt-get upgrade' and be reasonably assured of not breaking things?

          Yes

          I've always been intrigued with CentOS, and it does seem to have a good reputation as far as stability is concerned, but after growing up with apt-get (and before that, nightmarish experiences with dependency hell on some very early RedHat systems), I've developed a certain perhaps-unwarranted negative bias of everything else.

          I prefer yum myself. I used apt when it first came out, and loved it. Since I got my first 64 bit machine I just prefer something that handles the dual architecture a little better. For the most part they're about the same though.
      • Re: (Score:3, Interesting)

        by Spudds (860292)
        What kind of dope uses Fedora on a production server?

        It's arrogant, elitist (and ignorant) comments like this that really drive me crazy.

        What you use in your production environment depends on different things; Knowledge and preference of the admins, business needs, type of environment, etc.

        At my current employer, we're moving away from debian towards fedora for a very specific reason: Our requirements dictate that we *need* functionality that doesn't exist in 1000 year old software that's housed in debian p
    • by sumdumass (711423)
      I had a simular problem but it was a little worse. It was with mandrake (now mandriva) and not only did they stop updating my version after about a year an a half, they pulled all the existing updates from the servers and they weren't availible anymore. I had some program that was compiled against something that was newer after an update but the next mandrake release version was too new and I couldn't get that program to compile and except the data set from a server that crashed due to harware problems.

      Long
    • Re: (Score:2, Insightful)

      by Anonymous Coward
      This article is FUD. Nothing more.

      The stability of Gentoo on ANY system is user controlled. Period. Yes functioning hardware is first and foremost, but running a stable/unstable system is entirely set up by user config settings. Its THIS ability in Gentoo, that will determine just what software gets updated at what stage of their particular development.

      I keep reading posts in here about constant updates, and bleeding edge, which in turn produce broken Databases, unstable systems etc. If people don't know ho
      • Re: (Score:3, Informative)

        by scum-e-bag (211846)

        If people don't know how to properly Administer their Linux distro's and the software and applications they are running on them, they have no right to complain about the stability/instability of the distros THEY CHOOSE TO RUN.
        I just thought I might repeat that point as there are too many Linux "experts" out there whose only real skill is being able to run the installation disk.
    • by saleenS281 (859657) on Monday January 29, 2007 @01:06AM (#17795752) Homepage
      And that my friend, is the niche Opensolaris will quickly start filling.
    • Re: (Score:3, Insightful)

      by neersign (956437)

      on the contrary, this article makes NO good points. First of all, he is using old hardware and then he complains about the time it takes to compile packages. Duh. Slow computer + large packages like Apache and MySQL = a lot of time spent compiling. The writer talks about the inital install taking a long time. Yes, my first time installing Gentoo using the CLI took a long time, too, because I was spending more time reading the documentation than performing the steps. The documentation is stupendous, bt

  • by (H)elix1 (231155) * <slashdot.helix@nOSPaM.gmail.com> on Sunday January 28, 2007 @11:32PM (#17795056) Homepage Journal
    Gentoo allows you to be on the cutting edge, just like all the other distributions. The primary difference is it makes it very easy for those who don't know what they are doing to be there. Most folks running SuSE, RH, or one of the other 'package' based distributions won't build their own RPM, etc. There is nothing stopping one of the 'normal' distributions from upgrading the kernel with each release. I certainly don't update everything on my Gentoo box because it is there, on my server.

    I run Gentoo on a server. The server is stripped down beyond what a typical 'router' distro looks like - one of the reasons I went with Gentoo is I could really trim the system down for the job at hand. My server only gets updates for security, and once in a while a bug fix that impacts the applications running on the server. Not often. When I need to compile something big, the last place I'd do it on is the server itself - it has another task. I take one of my workstations with far more GCC horsepower and let distccd [gentoo.org] do the work for the poor little pizza box. Beyond the initial build, I doubt those boxes have ever compiled anything.

    Since it is a source-based distro, I also am not trapped by RPM's or other packages no longer getting provided for my system. One of the applications I had was using RH9 (with paid support) only to have them drop maintenance on it and have the vender drag their feet moving to another platform (clue stick, they had issues with the 2.6 kernel, so would not 'support' any platform but RH 8 and later 9. The enterprise editions? Forget about it... You want to live in the suck, you try keeping one of those boxes alive and secure years after it EOL.
    • Re: (Score:3, Insightful)

      by Ash-Fox (726320)
      Of course some distributions like Debian/Ubuntu/Mandriva let you build the packages if you really want to.

      With Debian/Ubuntu it's easily done with apt-build. Mandriva on the other hand, things get a bit more complicated.
    • by Anonymous Coward on Sunday January 28, 2007 @11:51PM (#17795254)
      You are essentially describing a Slackware system after 20 minutes of install.
      • Re: (Score:3, Insightful)

        by wolf31o2 (778801)

        It's just not trendy to knock on Slackware, so everyone targets Gentoo.

        Some people also love to ignore advances that are made. The article mentions how long it took to install Gentoo. He claims that there was not an installer when he performed his installation more than a year ago. This is false. There was an installer, but it was considered experimental. Since then, the installer has become the de facto installation method on x86/amd64 and will be the default method on other architectures as support

  • And?? (Score:5, Informative)

    by friedmud (512466) on Sunday January 28, 2007 @11:35PM (#17795080)
    "I firmly believe in updating server software only when you need to. If you don't need new features, and things are working, why change anything?"

    I agree... so why does this preclude using Gentoo?

    Just because you _can_ update all the time doesn't mean you should. I've used gentoo for various purposes (server, desktop, laptop). What I usually do is get it setup and install all the packages I need and then leave it for a _long_ time... only upgrading packages that I either need the new capability of or for security purposes.

    Look... I personally don't think Gentoo is the best server OS out there... but I also don't think that just because the package system makes it really easy to tinker with the system that Gentoo is inherently unstable...

    Friedmud
    • by lintux (125434)
      Just because you _can_ update all the time doesn't mean you should.

      From what I have heard, it does mean that. Not updating a Gentoy box for half a year or even longer often means that any attempt to upgrade it will be hard and painful.
  • by michrech (468134) on Sunday January 28, 2007 @11:35PM (#17795088)
    There is no 'stable' version of Gentoo. Gentoo is rather a moving target where emerge will forever cause your system to approach the cutting edge.

    Yea. Not quite. This is what the "ACCEPT_KEYWORDS=" setting in make.conf is for. If you don't have it set, you get "stable" packages. If you do have it set, you get the unstable stuff.

    Further, with the use of the files in /etc/portage, you can have a stable system, but have one or more packages be unstable without having it a system-wide setting.

    Haven't read the rest yet, but wanted to point that out.
    • by ensignyu (417022)
      Setting ACCEPT_KEYWORDS is playing with fire anyways. You're guaranteed to run into problems if you do that.
    • by zsau (266209)
      By referring to there being "no 'stable' version of Gentoo", the author was not talking about having stable packages, but having stable package versions. e.g. with Debian Stable, packages don't change version. When a security hole is discovered, they patch the version in Stable, backporting it from upstream if necessary & convenient. (This is a large part of where the disagreement between Mozilla and Debian stems: Debian wants to keep packages at the same version for years at a time, Mozilla wants every
  • Not for me! (Score:5, Funny)

    by MarkRose (820682) on Sunday January 28, 2007 @11:36PM (#17795104) Homepage
    I certainly wouldn't want a Gentoo on my servers. Sure, it wouldn't weigh [wikipedia.org] much, but think of the poop you'd have to clean up!
  • by asv108 (141455) <{alex} {at} {phataudio.org}> on Sunday January 28, 2007 @11:39PM (#17795130) Homepage Journal
    I had a colo box that ran gentoo. Then one day, a standard stable package update broke mysql [alexvalentine.org].

    * MySQL DATADIR is /var/lib/mysql * Previous datadir found, it's YOUR job to change * ownership and have care of it * Sorry, plain up/downgrade between different version of MySQL is (still) * un-supported.

    I vowed never to use Gentoo again, and promptly moved that machine to Debian. I use to run Gentoo on all my desktop machines in the pre-ubuntu days, because it had the most bleeding edge desktop packages and optimizations. After Ubuntu came on the seen, Gentoo had no advantage for me. Its still a great learning too though. I highly recommend for aspiring Linux geeks.

    • Re: (Score:3, Insightful)

      by caluml (551744)
      mysqldump, stop mysql, unmerge it, emerge new version, and restore?

      Anyway, it sounds like you're blaming Gentoo for something that is MySQL's fault. (Assuming that the format was changed, and not just the db dir location). It's probably because you went from 3.x to 4.x or similar.
  • Agreed. (Score:5, Interesting)

    by MrNaz (730548) on Sunday January 28, 2007 @11:39PM (#17795136) Homepage
    I have been a server admin for web/database for about 3 years now. I agree that bleeding edge is *not* where server admins want to be. There's a reason that Debian is widely considered the best server OS despite being rather far behind the bleeding edge. Tried and tested is better than the latest and greatest when you rely on the machine being up. It's also worth noting that the military doesn't use any COTS technology within 5 years of it being released.
  • by mattdev121 (727783) on Sunday January 28, 2007 @11:41PM (#17795154) Homepage
    The problem with Gentoo Linux is not the system itself, it's the stereotypes that people put against it.

    Gentoo is only good for ricers, Gentoo is bleeding edge and unstable, Gentoo is only good for X deployment

    The truth about Gentoo is that it is not really a distribution. Gentoo Linux does not make "releases" and it does not aim to cover one area of the market alone.

    In Gentoo's packaging system, called portage, the aim is not only to provide up-to-the-minute packages (which it does) but also to provide a wide variety of both tested and verified "stable" packages as well as more bleeding-edge, testing packages.

    This, along with a properly configured make.conf and /etc/portage file system, allows you to pull down the packages you want that have been verified as stable (and are also under watch by the Gentoo security project) and keep track of their libraries with revdep-rebuild.

    Stop branding Gentoo with stereotypes that label it as X distribution, the project even calls itself a "metadistribution" capable of dropping into multiple roles.

    • The problem with Gentoo Linux is not the system itself, it's the stereotypes that people put against it.

      The problem with Gentoo is that Gentoo users assume that most people care about configuration options. They assume that people want the most up-to-date packages. They assume that there's no reason to have stable, long-term supported releases.

      The vast majority of the market wants something that's not a moving target. I can install Debian or CentOS, keep it up to date with yum or apt-get, and never worry a

      • by wolf31o2 (778801) on Monday January 29, 2007 @05:13PM (#17804866)

        The problem with Gentoo is that Gentoo users assume that most people care about configuration options. They assume that people want the most up-to-date packages. They assume that there's no reason to have stable, long-term supported releases.

        Huh? We assume no such thing. In fact, we really don't care what "most people" want, at all. We make no assumptions about support. It is Gentoo detractors who tend to claim that we do. We don't. What we care about is making Gentoo. If Gentoo doesn't fit your needs, don't friggin' use it! Trust me, you won't hurt our feelings. If you think Debian is better, use it. If you think Windows is better, use it. You aren't harming us in any way by using what you feel is the best tool for the job. In fact, that is exactly what we try to give to our users. We give them a set of tools to allow them to build what they want.

        I think the biggest issue is that people seem to have this closed-minded view of software and Gentoo. They're stuck in this way of thinking that lends towards doing what the vendor tells you to do. They run Red Hat. They run Debian. They don't think that you can build what you want. Gentoo provides the tools to do just that. For many of my clients, I have built custom Gentoo-based distributions. What they get themselves is slightly different than Gentoo. They get pre-compiled packages. They get a very nice Internet-based update system for these packages. They don't jump into make.conf, at all. They don't need to make these kind of changes. Instead, I have built a custom distribution with the software that the customer wants on it. They install it from CD, and it has exactly what they want on it and nothing else. Gentoo is the tool that builds this system. I am using Gentoo as it was intended, to build exactly what I want. People tend to forget that it is impossible to make something that fits every need. Rather than try to do so, like other distributions do, we instead provide the tools to allow you to build it on your own. It's a completely different philosophy, which is why I understand that so many people simply don't get it.

    • The whole argument of "Gentoo 'wants' you to update a lot of things" is trivially debunked. Gentoo isn't a distro per se, it is a meta-distribution. I have worked in environments where Gentoo was used on servers, desktops, and what have you. The "solution" to Gentoo's frequent changes is simple: maintain your own portage tree mirror, which you keep frozen until you are good and ready to roll out the next major update (which of course you only do after extensive testing, like any Suse, Red Hat, or debian
  • by Anonymous Coward on Sunday January 28, 2007 @11:43PM (#17795168)

    First of all, I find it interesting that FreeBSD never seems to get these complaints and hate about having to recompile packages with portupgrade all the time, and being able to tweak the flags, etc. In this respect, it's just like gentoo!!! Except without a lot of the fancy features like etc-update and slots and masking and multiple supported versions. Yes, the "base system" is more stable on FreeBSD (which is both a blessing and curse), but what is it about Gentoo that attracts so many haters/inexperienced admins, hmm??

    Anyway, I run Gentoo on servers. (Also FreeBSD). I think it's great. I can't stand stuff like Red Hat, which makes it difficult to customize anything, so I'd always resort to installing stuff "by hand", which was a huge pain. Or creating a custom RPM, which was an even bigger pain (RPM is basically a huge clusterfuck in general).

    Being able to set up ebuild "overlays" is great. Being able to set up custom profiles that contain all the software needed for a particular app is great. Writing ebuilds is a piece of cake. Turning on/off various features system-wide is very helpful. The mechanism for merging configs (etc-update or dispatch-conf) is nice. Being able to pin down specific versions with masking is good. Etc. For the record, I've never tweaked the CFLAGS in my life.. that's just not why I use Gentoo.

    The author writes this:

    A profile update will touch a very large number of configuration files, and it may even alter your startup process. Obviously this is not something you want to do to any server. ................. The end result: the machine had to be resuscitated on-site with associated downtime.

    I have no idea what happened to him. Updating your profile is basically moving a symlink, which changes some lists of base packages and other high-level build configuration. It doesn't "touch" anything in your system. Sure, you have to some upgrades afterwards, but you have to do that regularly anyway on Gentoo. Compare it to upgrading FreeBSD from 5.x to 6.x, which is much more involved.

    As you might be aware, FreeBSD has a nice little program called portaudit........... Now, Gentoo also has something like portupgrade. What it doesn?t have is portaudit. ............ In all fairness, Gentoo has an experimental command called "glsa-check".

    I've been using glsa-check for a while now, it works great. It tells me what's got known holes and I just update those packages, and their dependencies. What problem did he have with it, besides the "experimental" status? Yeah it can "do stuff", but I don't use those options, I just use it to get a list of packages with known holes. Heck I could probably write a script to do the very same thing.

    Suppose you need to patch one of your installed packages by the way.. it's very easy to create custom ebuilds on Gentoo. Sometimes I plug security holes that I've found on my own for instance.

    I have a simple strategy with Gentoo servers: keep an identical test/staging server nearby and do your updates on that machine first. Run your application tests and then upgrade the production machine. If you want, build binary packages on the staging machine. I would do this even with Red Hat, Debian, etc.

    Another point: I've NEVER run "emerge -u world". I always do the packages in small groups or chunks and then updated configs, restarted daemons, and run tests after each one. This seems like a much better strategy than what some people do.

    Also, I gotta say, it's probably not a good idea to run Gentoo on a production server unless you've got at least 5 years of Linux admin under your built. You also need to FOLLOW the Gentoo newsletter, AT LEAST, so you can get a heads-up when config files change or files are moved around. It happens from time to time.

    Really, the only valid point he makes that generalizes to servers other than his own is the following: Gentoo takes more time to keep running. But you have to weigh that against the flexibility you get, just like any "build vs. buy" decision.

    • Gentoo's portage was modeled after BSD ports. The similarities are intentional :D
    • Disclaimer: I primarily use FreeBSD servers and Gentoo desktops.

      First of all, I find it interesting that FreeBSD never seems to get these complaints and hate about having to recompile packages with portupgrade all the time, and being able to tweak the flags, etc.

      I'd imagine that there are fewer FreeBSD desktop users than Gentoo desktop users, and I believe it is the "clueless user" stories that cause the most ribbing. I also think that FreeBSD has a bigger presence in the server space. Yahoo runs FreeBSD

    • by mikemcc (4795) on Monday January 29, 2007 @03:09AM (#17796512)
      You wrote, "First of all, I find it interesting that FreeBSD never seems to get these complaints and hate about having to recompile packages with portupgrade all the time, and being able to tweak the flags, etc. In this respect, it's just like gentoo!!!."

      As was pointed out in an earlier post, gentoo is a meta-distribution, whereas FreeBSD is complete operating system. Overall, the "FreeBSD experience" is significantly different from the "Gentoo experience." FreeBSD feels much more polished, and is therefore less likely to produce frustrated blog entries.

      I administer Gentoo, FreeBSD, and RHEL boxes, and have several years of Solaris experience. There is a lot to like about gentoo but the final point that you acknowledge, "Gentoo takes more time to keep running," is extremely important, and worth elaborating on in a whole paragraph of its own.

      It does require more time and effort to build a gentoo box in the first place; it take more time/effort to provide a secure environment (glsa-check is still in beta, for good reasons); it requires more time/effort to ensure that your dev, staging, and production environments are all in sync. Yes, it can be done, and quite elegantly, but it costs more (time == money) to do that on gentoo than using other solutions.

      That is the core frustration of every negative gentoo review that I've read. The most common counter-argument to those complaints boils down to, "You just haven't spent enough time to appreciate the elegant beauty that is gentoo." Allow me to offer a counter-counter-argument.

      Once upon a time, I took the time to fully appreciate the beauty that is emacs. I accepted the truism that emacs doesn't meet you halfway, that you have to go to emacs; I read books on the subject; I made it my default editor; I created a highly customized .emacs file; I got tired of pushing my customzied .emacs file, and all associated libraries, onto every new machine; my pinkies started to hurt all the time; and I noticed that when I was REALLY in a hurry I used vi. Eventually I just stopped using emacs.

      I think of gentoo as the "emacs" of operating systems - really cool, but with a high pain threshold before the cool starts paying for itself.
    • Re: (Score:3, Insightful)

      by drmerope (771119)
      Having run both FreeBSD and Gentoo systems, I think you're missing the obvious reason for why people are more satisified with FreeBSD: it is precisely because it doesn't have: "slots and masking and multiple supported versions". Okay, wait. It does have multiple supported versions, although rarely.

      The problem with USE flags is that every Gentoo build environment is __too__ unique. With FreeBSD, everyone is running, debugging, and fixing the same stuff. Consequently, most of the ports build & work to
  • *sigh* (Score:5, Insightful)

    by Ant P. (974313) on Sunday January 28, 2007 @11:45PM (#17795188) Homepage
    The article makes it sound as if gentoo installs the ~unstable profile by default. The stable one's no more bleeding-edge than Ubuntu.
    • Re: (Score:2, Insightful)

      by notamisfit (995619)
      While stable may not be particularly bleeding-edge, it is still very dynamic, which is the point of the author's grief.
    • Re: (Score:3, Insightful)

      by chamont (25273) *
      It's even worse than that.

      Incidentally, I've run Gentoo for years on laptops, servers, you name it. I switched to Ubuntu about a year ago for desktops, but still use Gentoo on a server.

      What I like about Ubuntu in particular is that every six months you can pretty much EXPECT all your packages, for the most part, to be updated to the most current stable versions. With Gentoo it's so much more haphazard. Yeah, Linux itself is haphazard...right, I know. With Gentoo, however, you're tied to the maintainer of th
    • Re: (Score:2, Informative)

      by VGPowerlord (621254)

      The stable one's no more bleeding-edge than Ubuntu.
      Which is itself a fork of Debian unstable. Makes you think, doesn't it?
  • by Anonymous Coward on Sunday January 28, 2007 @11:54PM (#17795282)
    Gee!!! I thought that moving from Windows to any Linux-based anything would solve all the worlds's problems that Microsoft has caused!!!

    Where, oh where, is the standard Slashdot drivel from you sanctimonious Slashdot twits?
  • by God of Lemmings (455435) on Monday January 29, 2007 @12:00AM (#17795318)
    There is NOTHING forcing you to "emerge world", "emerge system", and "emerge --sync" every single time Gentoo
    updates portage... Emerge flags include "--pretend", "--ask" and "--fetchonly" among several others, learn to
    use them.
  • to each their own (Score:4, Insightful)

    by siddesu (698447) on Monday January 29, 2007 @12:15AM (#17795424)
    i didn't read TF blog post, but since i saw a radical view and the word "server" in the same summary, i'll add my 2 yen here. Since we see the word "server", we assume we're talking competent system administrators here. A competent system administrator usually reads and understands the documentation of a software package before making a decision. Having read the documentation of gentoo, I can suggest at least the following ways to ensure a stable distribution:

    - one can create a copy of the source files repository
    - one can create a repository for self-compiled binary packages and install from there
    - one can use the global repositories, and still get a stable version by restricting available packages by version
    - finally, as others say, one can use the stable version.

    Since the blogger seems to have missed these obvious ways, he hasn't read the documentation, and hence is not a competent administrator, hence his opinion is not very valuable.
  • ...I wonder where the debate stems from. Gentoo is a nice OS and all that, but it's not one that includes the features most server admins want: stability, non-intrusive security upgrades, support for commercial software, minimum hassle, minimum maintenance, and minimum surprises!

    Of course, if you absolutely want to, Gentoo is perfectly capable of running on a server. It's just not something I would use myself, or recommend to any others. People who do so, do it because they are already Gentoo fans, not be

  • by RyogaHibiki (969138) on Monday January 29, 2007 @12:23AM (#17795476)
    (I posted this on the gentoo forums)

    If someone is running a server room with many live production systems where downtime must be in seconds per year, they should ALWAYS have a test environment and a production environment. Gentoo makes it extremely easy to produce this setup. Imagine if you will, this setup:

    1) Master rsync system (contains the portage sync used by all the systems)

    2) Test boxes for each role needed (perhaps you have 3 different kinds of servers, WWW, Mail, DB)

    3) Many production boxes

    What you would end up doing is creating a fairly generic gentoo install (by generic, I mean hardware independent - like i686 or whatever you feel comfortable that will be supported for the lifecycle of the servers). All production servers are identical to the test boxes at the beginning of this example and have a simple backup of the whole test environments (perhaps a large tarball saved on a separate drive). A new update is necessary for apache so you do an emerge --sync on the master rsync system. Then you rsync all the test boxes so they have the same portage tree. You then run the necessary installs on the test systems to make sure that it works, if it doesn't, then you research why and figure out if its easier to fix after the update, or if the update needs to be done differently, if you need to, you can restore the test system from the backup and start over. After you have all the test boxes running well, you can then rsync the production boxes and reproduce the steps necessary to get them updated.

    Once all this is said and done, the production boxes will all be updated successfully (and the updates were tested on the test boxes) and the test boxes will at this point have the same configuration as the production boxes. You would make a new backup of the test boxes and wait for the next time you have to do this cycle. As long as the boxes really are identical, you could even run konsole (or another xterm that allows you to send your input to multiple console windows) and perform the identical steps on all the same type of boxes (sending your update commands to 20 or even 50 servers at once).

    I'm sorry, but in any real production environment, I see NO issues with this setup. It may be a bit time consuming if you have a lot of etc-updates to do, but still, the basic update should be painless to that point.

    -Jason Pf.
  • by fabu10u$ (839423) on Monday January 29, 2007 @12:23AM (#17795484)
    For a true production server where downtime costs thousands or millions of dollars a minute, you need the insurance of having people to escalate to if you have a problem. If for no other reason than to CYA in a liability / management-political situation. That's the real reason not to run your production on Gentoo (though the technical problem mentioned is probably what's kept anyone serious from selling a support contract for it).
  • Nonsense (Score:5, Insightful)

    by loxosceles (580563) on Monday January 29, 2007 @12:30AM (#17795532)
    You say Gentoo wants to change a lot of stuff?

    Any binary distribution has two modes of updates. One is an updated package within the same release; the other is a mass-update from one release to another. Gentoo combines the two, since the distinction is artificial. What you call "changing a lot of stuff" is merely keeping packages reasonably current so that you never have to do a mass-update or complete reinstall.

    Anyone who considers the Gentoo update process too difficult either hasn't used Gentoo (upgrades are easy, and there aren't that many of them if you stick to stable x86) or has never dealt with package conflicts in binary distributions. That is the real horror I want to avoid, and I avoid it nicely by running Gentoo.
  • Updating (Score:3, Insightful)

    by MrEcho.net (632313) on Monday January 29, 2007 @12:34AM (#17795558)
    Gentoo gives you 100% control over your system and how things are built.
    It does NOT force you to do anything.

    "You will need to fix things that break in the upgrade process..." Like what?
    This past year there have been some major changes in the Linux world like:
    glibc, gcc, xorg, apache(Gentoo went to the standard) and mysql are some the things I can think off of the top of my head.
    Because of how Gentoo updates, big updates like these might break things if your not watching what your doing.
    And if your blindly updating your system and overwriting confings when you do etc-update, its your own damm fault.

    There comes a point in where a package is marked 'stable' for some distros, but if you look on the project site, its old and outdated.

    http://gentoo-install.com/ [gentoo-install.com]
  • "Something Considered Harmful" is one of the more cliche ways to title an essay like this. Can't we come up with *slightly* better titles? Like, say, the one the blog post used?

    Anyway, it's been said [meyerweb.com] far better than I could manage already, so I won't keep ranting here.
  • by Maljin Jolt (746064) * on Monday January 29, 2007 @12:57AM (#17795700) Journal
    ...is currently uptime 242 days. Updating daily.

    So, now when server issue has been explained exhaustingly, we can talk about my gentoo programer's desktop, gentoo electronics lab and drill machinery controller, gentoo adsl/wifi router and gentoo tv/multimedia nano-itx box.

    From my point of view, Siker is just a moron and I mean it seriously.
  • by atomic-penguin (100835) <wolfe21 AT marshall DOT edu> on Monday January 29, 2007 @12:59AM (#17795724) Homepage Journal
    It's been said before by many. I cannot say I disagree with the article. With more traditional distributions of Linux, you always have standardized packages with some amount of quality control. Bugs and security holes slip through to the end users all the time. Often your end users report these bugs to the upstream maintainer. Occasionally, the end user even submits fixes upstream.

    Gentoo is so system dependent compared to other distros. The end result, instead of having 1 package for some function, you have 1^n packages for that same function. Given 'n' amount of users with differing hardware and compile time arguments. The Qaulity Assurance ends at the user, always. You ultimately have a quality control department that consists of one, the user.

    Any system upgrade or maintenance procedures in production environments are usually limited to a few hours at most. It does not make sense to spend six hours compiling what could have been installed, configured, and tested in 6 minutes with a pre-compiled package. In the event of a hardware failure, I find it reassuring when a Linux distro can be loaded onto a spare box in 15 minutes. Then spend a few more minutes restoring configurations from a good backup.

    But that's just my opinion. To each his own. If it works for you, then go with it. Otherwise, I'd say it is a fairly level-headed review.
  • I haven't RTFA, but, yeah, compiling all of your software from scratch in a production environment every time you want to upgrade? That's ok. I'll pass.
  • Not anymore. (Score:5, Insightful)

    by a9db0 (31053) on Monday January 29, 2007 @01:19AM (#17795850)
    Gentoo on a server? No longer.

    I used Gentoo for several years. I learned an awful lot about Linux from it. And I appreciate the work that goes into it. But my servers run Debian now, for one reason - quick, reliable updates. I support several small businesses, I don't have the resources to maintain test environnments to check the impact of upgrades. And not having multiple powerful systems at many sites means distcc is not an option. And the recompiles occasionally necessary for apache or samba or postfix or mysql put an unreasonable strain on servers that are typically not high powered and are supporting multiple users. So for quick, reliable system updating apt-get beats emerge every time.

    I'm not knocking gentoo. It's a great system for testing stuff, and evaluating software. But in the 3 minutes it took me to type this post, I could update 5 servers that hadn't been updated in a week.
  • by Opportunist (166417) on Monday January 29, 2007 @01:54AM (#17796096)
    Hello? Security anyone? Or maybe someone remember kernel 2.4.11? Don't wanna update that one either should you happen to have it installed back when it was considered stable?

    I do agree that there are certain things you needn't update. A local server without a connection to any user you do not trust your data with (i.e. nobody but you, if you're smart) running on rock stable software that gets feature adds rather than bugfixes in new versions is a candidate for this. And for this server (singular, probably worldwide), the setup is ok.

    Not updating a server connected to the internet is an invitation for hackers. No matter how "stable" or "solid" or "secure" a system is deemed to be at the moment of its compilation. Time and again there are bugs found in software that has been considered stable and safe for years. OpenSSH is hardly the most insecure application out there, and I would NOT want to see what happens to a server that does not update it.

    And, last but not least, when you don't want to update Gentoo, you don't have to. It's fine and satisfied if you don't do an update sync. Actually, you reduce the workload of the servers if you don't.

    So what the hell is this fuss about?
  • Gentoo in the server room? [linux.com]

    I think Gentoo CAN work in the server room. glsa [gentoo.org] and other tools make it a better candidate than it was a few years ago.

    Some of the other popular distros capable of running X-less (e.g. Debian) and the *BSDs have been and are in wider production deployment. Of course, if one is tied to a storage, database, or backup vendor, one may be tied to Red Hat or SUSE.
  • I'm currently doing a work study at my university helping them administrate their Gentoo machines. They to have given up on Gentoo and are planning a switch to Ubuntu. The problem with Gentoo is that you really need it to be someones job to maintain it. The problem my university had was that everyone there had many responsibilities and did not want to waste time making sure that everything was going smoothly on Gentoo. This led them to just ignore it and never update. It worked fine until users asked for n
  • So? (Score:4, Insightful)

    by Enahs (1606) on Monday January 29, 2007 @02:22AM (#17796262) Journal
    Call me a jerk, but I found a lot of what was said to be totally accurate. I tried to love Gentoo, off and on, for three years. While it's true that you can start on a fairly complete base system, and while it's true that there are tools available such as glsa-check now and revdep-rebuild (to say nothing of the joys of being able to unmask only what you want to have as totally bleeding-edge) it's true that it's it's a major time sink.

    I'll be more than happy to let the folks at Canoical, Red Hat, Novell, or wherever be the ones to put in several hours of work; I simply can't, at home, put in the hours required to maintain a "stable" system. When I quit using Gentoo a couple of years ago, it was to the point where I'd search the forums before I'd ever install a piece of software. And you know what? That gets old. Real old. Especially if you're sitting in front of what should be a desktop machine and you're waiting for revdep-rebuild to rebuild a couple dozen packages because libpng applied a non-backwards-compatible patch that fixed a major security flaw.

    Sorry, kids, but although I can deal with running a Gentoo system, I choose to run Kubuntu 6.10. Not because I'm too much of a wuss to run Gentoo, or because I'm too stupid to run anything other than Ubuntu, but because I'd rather spend the hour or so of computer time I have at home some days getting pix and video of my adorable girl (now at toddler age) ready for the grandparents. Not glamorous, and doesn't help push the state of the art, but it's much more gratifying than, say (I'm making this one up), trying to chase down the ruby package maintainer to get him to apply a patch so that you can use Getopt::Long without having to edit files by hand. ;-)
    • Re: (Score:3, Insightful)

      by Mordaximus (566304)

      OK, you're a jerk ;)

      Sure, kubuntu is great on a desktop, but how does that relate to the article, running Gentoo on a sever? Gentoo lends itself quite nicely to a server environment. Personally any server I've run in the past 4 years has run Gentoo. I've run others before and I've tired others since. I've come to realize that the initial time you spend building a Gentoo server (minus compile time) is about equivalent to the amount of time I've had to spend going back to customize things I didn't like abo

  • FreeBSD (Score:3, Interesting)

    by petrus4 (213815) on Monday January 29, 2007 @03:02AM (#17796474) Homepage Journal
    No offense to Daniel Robbins or any of the other Gentoo people, but to me personally, downstream water doesn't taste so good. ;-)

    Daniel's original premise seems to have been (which I agree with) that there are some elements of FreeBSD which are highly desirable, which at the time, Linux didn't have. Ports, portaudit, portupgrade...they're all good things. Ubuntu has an equivalent of portaudit and portupgrade combined, and of course the Red Hat autoupdate was probably the first on Linux, but the difference between those and the two commands I mentioned is that the Ubuntu and Red Hat services both focus on binaries...portupgrade anywayz focuses on source, which is something that at least some of us want.

    I don't advocate using source compilation all the time, or if I do, at least not during the day or when you're active...set something up to do it while you're asleep or while the system isn't being used...that way it won't bother you. To be honest also, the main reason why I advocate compiling from source is simply for the reason that if you stop doing a certain thing for long enough, the ability to do said thing when you *do* want to has a tendency to disappear. If you maintain the attitude of compiling from source when it doesn't matter, there'll still be enough people doing it that the option to do so will still be there when it *does*.

    There are a lot of people out there who don't want to do anything that even vaguely resembles self-responsibility or proactivity, at least where using a computer is concerned. That's fine, but said people need to realise that the fascist nature of such things as Vista is merely the ultimate logical extension of them wanting multinational corporations to act as their wetnurse. It's been an eternal truth in politics and other areas as well as IT that freedom and proactivity genuinely go hand in hand...If you don't want one, you're not going to get the other.
  • by bnomis (97482) on Monday January 29, 2007 @03:06AM (#17796504) Homepage
    To summarize:

    Quote: "If you don't need new features, and things are working, why change anything?"
    Translation: "Never change a working system."

    Quote: "...I ran the dreaded but most needed "emerge world"..."
    Translation: "My system worked but I updated everything"

    Quote: "I had nearly no idea of what I was updating..."
    Translation: "I didn't bother to check what was going to change"

    Quote: "I tried to read the enormous emerge log file..."
    Translation: "I didn't bother to read the log file about what had changed"

    Quote: "...the machine had to be resuscitated..."
    Translation: "I changed it, it doesn't work anymore and I can't be bother to read the documentation"

    Basically, he made a bad choice for his environment. Horses for courses.

  • Not at all (Score:5, Insightful)

    by vandan (151516) on Monday January 29, 2007 @03:30AM (#17796612) Homepage
    I've been using Gentoo on our database / web / email / many-other-goodies server since August 2003 ( I keep emerge --sync logs ). I'm running the stable branch on our server, and the unstable ( ~x86 ) branch on desktops. I certainly agree that updates on the unstable branch have to be done thoughtfully, but building binary packages when emerging helps a great deal with disaster recovery. It's nothing that can't be fixed with a little searching.

    But on the stable branch, I've actually been very surprised with how ... stable ... it is ( coming from the ~x86 branch ). I keep a separate binary packages repository for the server ... just in case ... but haven't actually had to back-track to anything yet. I do updates outside of work hours, and revdep-rebuild when upgrading major parts. I haven't had any catastrophes yet. Actually I haven't even had any mishaps yet. What can I say? If you are confident enough to run Linux on a server, I say you can handle the stable branch of Gentoo.

    As for the points the author raised against Gentoo:

    1) Too long to do initial install.

    This one gives it away from the start. You only install once. But this is at the top of the list. I can't remember how long it took me to install Gentoo on this server, but it was probably 2 days or something. Who cares? That's what time I take installing *any* server. You don't just whack it together and put it into production. You install, you read, you test, you frig around some more. What's wrong with that? The author is no server administrator.

    2) Same as point one, just repeated

    WTF? Seriously, this author has his head up his arse. On the one hand, he later says that you shouldn't update willy-nilly on servers, and yet then says that it takes ages to update everything. So what, exactly, is he trying to achieve? It takes me about 10 - 15 minutes to update MySQL, which is the most common package I update. What's wrong with that? I back things up, shut down MySQL, emerge the new MySQL package, test, and import form backups if required. No problem? Where is this guy's problem, seriously?

    3) Don't like updates, even if they are to more stable packages

    Nothing forces you to update packages. Also, no-one claims that packages updates *won't* break things ( though my experience is that in the stable branch, updates *don't* break things ). But if you don't want to update, don't. No problem. If you do want to update, the tools are there to update easily. Sure you should pay attention to what you're doing. It goes without saying.

    4) Same as point 3, but with the update impetus being security instead of stablity

    Doesn't deserve a response really.

    I challenge this author to prove that he's actually used Gentoo Linux for more than 7 days without running crying back to Linspire.
  • by thesandbender (911391) on Monday January 29, 2007 @08:41AM (#17798148)
    Seriously the "if it ain't broke don't fix mentality" is what pays my bills.

    There are two kinds of "broke", there are gaps in functionality ... e.g. migrating from Apache 1.x to 2.x... and then there are bugs that haven't affected you yet but are still in the code base. Just because you haven't experienced any problems yet does not mean there aren't any underlying problems in the packages you're using.

    Case in point. The company I work for is in a mad dash to upgrade for the DST time change. And for those of you thinking "duh, you just upgrade your timezone files"... no it's not that easy. Some Sun systems require firmware upgrades, almost all of the systems prior to 2005 require binary updates because they can't handle a timezone that has two rulesets (e.g. they would apply the new 2007 rules to timestamps from 2005), most JVM's have to be patched or upgraded and some applications inexplicably do their own calculations and have to be update as well.

    The majority of the company has the "if it ain't broke" mentality and were running everything from NT 4.0 on DEC Alpha's and Sun 2.4 to Windows 2003 64-bit and Solaris 10. Upgrading the older machines is an absolute nightmare because the vendor patches are built one, two even three years worth of patches that we haven't applied. What should be a relatively simple upgrade task has broken applications all over the place and has our QA and Engineering staff bleary eyed and ready for it all to just end.

    The answer is controlled refresh. Twice a year you sync up your servers with a certain patchset. You don't go crazy... you just get vendor required patches and include them in your dev and qa cycles. And you DO NOT USE EOL OS' in an enterprise environment. Ever. This includes commercial and FOSS packages.

    Full Disclosure : I run two gentoo boxes at my house my workstation and my mythtv box. I patch them about once a week because I like to tinker. My web/file/mysql server is running on a stripped down Debian system that only gets patched every few months or if there is an advisory that comes out.

Imitation is the sincerest form of plagarism.

Working...