At AppCove, we run Red Hat Enterprise Linux on all of our servers. RHEL is great, because:
- It works
- It still works
- Automatic security updates
- Did I mention, it just works?
Red Hat, as far as I know, takes a very serious perspective on patching all of their RPMs and automatically pushing them out via the update agent (up2date). They are very conservative on the versions of packages that they publish. RHEL 4, for example, is still running PHP 4.x, Python 2.3, MySQL 4.x… I believe that they do this to maintain stability and long-term support.
However, for a company like AppCove, those versions are simply too old. For years we have hand-compiled about a dozen packages on RHEL 4 in order to be able to take advantage of relevant features in newer software. PHP, Python, MySQL (from mysql.com supplied RPM), python-mysql, git, erlang, memcached, libmcrypt, and others are part of the growing list of software that we have to install manually.
With this growing list comes a growing issue of security updates and maintainability. More complicated packages need more updated libraries, creating a chain reaction of additional packages, and so on.
Recently I signed up with a “slice” at SliceHost. (SliceHost provides virtualized machines for a great price, with lots of scalability available). I chose Fedora Core 10 for the OS. I must say I have been very impressed.
All of the packages that I have needed were right there, available by yum install. PHP, Python, python-mysql, erlang, memcached, php-memcached, python-memcached, git, etc…, etc…, and did I mention that tree was even there? And it has all “just worked”.
In summary, here are the items that I need to resolve:
- Is Fedora considered as “secure” as RHEL? Is there a team dedicated to getting security patches out fast when identified?
- Are continuous upgrades in Fedora an issue? Do software packages abruptly get updated without notice? (This has at times been an issue with RHEL.)
- Is it possible to run RHEL while also connecting to Fedora package repositories to install specific packages? Desirable? Undesirable? Conflicts?
The most secure computer is one that is locked in a vault and turned off. Since that won’t work for most needs, one must find the appropriate balance between functionality and security.