[Cialug] CentOS Yum error

Josh More morej at alliancetechnologies.net
Tue Aug 12 15:13:50 CDT 2008 

That's the logic behind rpmforge (for RHEL/CentOS) and the various
opensuse repositories.  For getting things done, it's great.

However, for your more secured environments and your extremely tested
environments (certified operating systems, anyone?), limiting the number
of packages is a very good thing, as it limits the potential vectors for
attack and error.

Just another thing to consider when doing distro selection.


 

-Josh More, RHCE, CISSP, NCLP, GIAC 
 morej at alliancetechnologies.net 
 515-245-7701



>>> David Champion <dchampion at visionary.com> 08/12/08 2:57 PM >>> 
Matthew Nuzum wrote:
> On Tue, Aug 12, 2008 at 2:26 PM, Zachary Kotlarek <zach at kotlarek.com>
wrote:
>   
>>> This is why you should always work within the paradigm of the
system
>>> you're on.  If you hack around it, you find out pretty quickly
that
>>> there are reasons why things are set up the way they are.
>>>       
>> I know package managers make it easy to install things, particularly
if you
>> don't have a full toolchain on all your systems. And they're a great
way to
>> un-install things. But I'm sticking with my makefiles.
>>     
>
> Almost all of my non hardware/network related downtime can be
related
> to this type of stuff.
>
> It will pay off in spades if you bite the bullet and get comfortable
> with your package manager's build capability (i.e. rpmbuild) for
> creating the packages you want and need. Sometimes its a pain
because
> you have to build 5 package dependencies for the one you want, but
in
> the long run that time is an investment and you'll get it back with
> interest when problems happen. And even if you don't, it's like a
> backup - hopefully you don't need it, but if you do, you'll be glad
> you spent the time.
>
> Plus, once you start installing via `make install` you can no longer
> trust the vendor's security updates not to break your system. That
> leaves you vulnerable.
>
>   
Part of this has to do with your Distro of choice... Seems like with 
some, like RHEL, there are only like a dozen packages in the repository

(gross exaggeration), so any time you want to do something outside what

RH has available, you either have to add more repositories, or go one
of 
the other routes. One example - there's no php-mssql package for RHEL.

Nobody would ever need to connect to a MS-SQL server in an enterprise 
environment, right?

That's one of the things I really like about Mandriva... between the 
main, contrib, and plf sources, I can get most all of the packages I
need.

-dc


_______________________________________________
Cialug mailing list
Cialug at cialug.org
http://cialug.org/mailman/listinfo/cialug

More information about the Cialug mailing list