[H-GEN] Linux Distribution for A Dell Poweredge 840?
David Jericho
david.jericho at aarnet.edu.au
Tue Feb 27 21:47:31 EST 2007
Robert Brockway wrote:
> It is about security and managability, at least for me and others.
How exactly does removing the installed documentation improve any of the
above? On my standard RHEL baseline images, I have approximately 700 MB
of documentation for 200 MB of actual system.
> Software that is not installed cannot be started to open a hole or
cause other
> problems. I always build boxes bottom up (starting from a pure base
> install) and it is less time consuming than installing a lot of stuff
> and pruning.
And you're quite right. However it has been demonstrated time after time
that this assumption is totally false and just not relevant in the real
world. If someone is intent upon violating existing policy, insecure
software will find its way onto a machine.
Given that users can't be trusted to do the right thing, and politics
don't permit the removal of access, I'd prefer they develop a habit of
going to the official repository and complaining when it's not there
rather than doing the ad-hoc thing and compling or uploading a software
package. The obvious advantage being is that a trusted third party is
capable of ensuring that particular package's up-to-date status.
> What makes you think Debian inspired poor admin practices?
Same reason PHP is a poor programming language. A herd of a thousand
cats, all doing their own uncoordinated thing, and leading to several
thousand ways of doing the same task. Providing 15 different versions of
vi doesn't make life any better. In fact, it makes my life significantly
worse when I'm the one that has to come in and clean up someone elses
mess.
I just cannot have a resonable degree of surety that one Debian system
is going to be very similar to another, even within the same
organisation and with the same administrators. This isn't a brush that
said "All Debian users are idiots", but rather "Debian promotes and
environment that doesn't encourage doing it consistently, and that it
takes someone of some calibre to ensure their work is consistent". And
how many Debian systems have you come across over the years that have
dozens of the same sorts of pacakges installed, and ultimately only one
is used?
Being "easy" or "available" isn't everything it's apparently cracked up
to to be.
--
David Jericho
Senior System Administrator, AARNet
Phone: +61 7 3317 9576
Mobile: +61 4 2302 7185
More information about the General
mailing list