- Oct 24, 2000
- 29,767
- 33
- 81
Hasn't been done....yet...nothing mission critical on it either...
But, how can one configure Gentoo to update itself with the latest security "patches"?
Hasn't been done....yet...nothing mission critical on it either...
But, how can one configure Gentoo to update itself with the latest security "patches"?
Not built yet AFAIK, you can do a check to see which packages have a security advisory with glsa-check but what you are asking for is probably a few more months to a year out.
Geez. Debian is easy.
Thing is that Gentoo is alright for nothing mission critical and all that. I don't like the idea of using it for something important though.
Mostly it's the security and stability issues. There are going to be lots of people using the same binaries and same exact versions that I do. Also all the packages have been thru a rigirious testing and evaluation period (in relative to other Linux's).
In Debian you have several stages that a package has to go thru in order to make it into stable. It starts off in a Debian Experimental branch for that specific role or code base.. Then after it's got basic compatability testing and the developer thinks it's ok for general use it is then stuck into Debian Unstable were it will be used by developers and Debian-advanced/experianced users that weed out any obvious bugs and compatability issues with other software packages.
After passing Unstable then the package is sent to testing were it's then evaluated by another group of users and is given time to get more testing and is eventually joined by other packages that have been thru the same proccess.
After that then the whole thing, packages and OS and all, are then upgraded to Stable.
In stable they go into maintanance were they are only updated when new bugs are found or security issues. The whole OS and almost all the packages used in it are thusly tested for compatability, completeness, and correctness thru the natural proccess that Debian proccess that they've developed over the years.
And then as a end user I can be confident that everything will be compatable and reatively bug free. It's fairly unchanging and very reliable and stable and I know that security issues will be taken care of quickly.
So that, as a end user, if I wanted to create a complex website depending on various technologies... Say for example: Apache web server, PostgreSQL database, various ODBC do-dads for people keeping track of inventory on the Desktop, Zope, Python and various Python modules, Apache Python-mod or whatever, etc etc.. then throw into the mix some propriatory software on a different computer I have to deal with, bunches of custom scripts, html, and stuff developed by other people.
With Debian Stable I can be realtively certain that when I do a "apt-get update && apt-get ugprade" I will end up with a server setup that still works just as well as before I did the upgrade.
If I was using Gentoo (or Debian Unstable for that matter) I couldn't be certain that after doing a upgrade that all the 20-40 different packages that I depend on will still work the same exact way as it did before. There is a lot that could happen... For instance If I use Python-based programs for some Intraweb application do-dad I could end up with upgrading some python modules that may have a different or improved syntax, that while maybe technically superior, may cause some scripts to break. Or something may change with a ODBC connector and it becomes subtly uncompatable with the MS Office-based Excell scripts that the accounts have themselves written in some way. Or maybe a new bug is introduced that crashes the web server...
All sorts of crap like that can cause huge headaches and unintentional downtime.
Then there are numerious security issues. For isntance If I need to allow people to log in remotely to my server and they are not all completely trusted (like they may pick stupid passwords or whatnot) then it's a very bad idea to let them have all this developement software and compilers and all that within easy reach. Linux has enough issues with "Local Root Exploits" without giving hackers the tools they need to root me just by default.
And if you get hacked, you probably wont' know it, unless you have some intrusion detection system running or keep paranoid-as-all-get-out eye on your server. This isnt' windows, it's not going to go BOSD because some script kiddy is running some bad application on your system. It's almost trivially easy in Linux to cover your tracks if you've rooted a system.. as root a hacker would have ultimate power over every aspect of your server, including any logging facilities or virus scanners or whatnot. (which is why people made IDS and SELinux among other stuff)
Now for a personal or for simple stuff using Gentoo as a server is just fine. Personally I use Debian Unstable for everything, which is about the same level of changing-ness.
Other then that the reason I use Debian is because the quality of the packages and 'completeness' of the OS. I don't have anything against Gentoo aside from the length of time that it takes to compile stuff. (I do like lots of Gentoo's documentation though, some of it is very handy)
If you want to give Debian a serious try check out:
Debian GNU/Linux Desktop Survival Guide
Debian Newbie Doc (for newbies by ex-newbies)
The following can be installed by going thru apt-get:
http://www.debian.org/doc/manuals/debian-faq/index.en.html
http://www.debian.org/doc/manuals/apt-howto/index.en.html
http://www.debian.org/doc/manuals/reference/reference.en.html
Usually docs get installed in /usr/share/doc/ but you end up with documentation for every single package and it can get annoying searching thru it all. However if your having issues with certain things it's always best to check there... also for some packages you have something like 'python', but you also have 'python-dev' for when you need to compile packages that may need something extra, also you can have 'python-doc' which will have extra information aviable for you to use. Also checking out /usr/share/doc-base is sometimes helpfull.
Thing is that Gentoo is alright for nothing mission critical and all that. I don't like the idea of using it for something important though.
Mostly it's the security and stability issues. There are going to be lots of people using the same binaries and same exact versions that I do. Also all the packages have been thru a rigirious testing and evaluation period (in relative to other Linux's).
In Debian you have several stages that a package has to go thru in order to make it into stable. It starts off in a Debian Experimental branch for that specific role or code base.. Then after it's got basic compatability testing and the developer thinks it's ok for general use it is then stuck into Debian Unstable were it will be used by developers and Debian-advanced/experianced users that weed out any obvious bugs and compatability issues with other software packages.
After passing Unstable then the package is sent to testing were it's then evaluated by another group of users and is given time to get more testing and is eventually joined by other packages that have been thru the same proccess.
After that then the whole thing, packages and OS and all, are then upgraded to Stable.
In stable they go into maintanance were they are only updated when new bugs are found or security issues. The whole OS and almost all the packages used in it are thusly tested for compatability, completeness, and correctness thru the natural proccess that Debian proccess that they've developed over the years.
And then as a end user I can be confident that everything will be compatable and reatively bug free. It's fairly unchanging and very reliable and stable and I know that security issues will be taken care of quickly.
So that, as a end user, if I wanted to create a complex website depending on various technologies... Say for example: Apache web server, PostgreSQL database, various ODBC do-dads for people keeping track of inventory on the Desktop, Zope, Python and various Python modules, Apache Python-mod or whatever, etc etc.. then throw into the mix some propriatory software on a different computer I have to deal with, bunches of custom scripts, html, and stuff developed by other people.
With Debian Stable I can be realtively certain that when I do a "apt-get update && apt-get ugprade" I will end up with a server setup that still works just as well as before I did the upgrade.
If I was using Gentoo (or Debian Unstable for that matter) I couldn't be certain that after doing a upgrade that all the 20-40 different packages that I depend on will still work the same exact way as it did before. There is a lot that could happen... For instance If I use Python-based programs for some Intraweb application do-dad I could end up with upgrading some python modules that may have a different or improved syntax, that while maybe technically superior, may cause some scripts to break. Or something may change with a ODBC connector and it becomes subtly uncompatable with the MS Office-based Excell scripts that the accounts have themselves written in some way. Or maybe a new bug is introduced that crashes the web server...
All sorts of crap like that can cause huge headaches and unintentional downtime.
Then there are numerious security issues. For isntance If I need to allow people to log in remotely to my server and they are not all completely trusted (like they may pick stupid passwords or whatnot) then it's a very bad idea to let them have all this developement software and compilers and all that within easy reach. Linux has enough issues with "Local Root Exploits" without giving hackers the tools they need to root me just by default.
And if you get hacked, you probably wont' know it, unless you have some intrusion detection system running or keep paranoid-as-all-get-out eye on your server. This isnt' windows, it's not going to go BOSD because some script kiddy is running some bad application on your system. It's almost trivially easy in Linux to cover your tracks if you've rooted a system.. as root a hacker would have ultimate power over every aspect of your server, including any logging facilities or virus scanners or whatnot. (which is why people made IDS and SELinux among other stuff)
Now for a personal or for simple stuff using Gentoo as a server is just fine. Personally I use Debian Unstable for everything, which is about the same level of changing-ness.
Other then that the reason I use Debian is because the quality of the packages and 'completeness' of the OS. I don't have anything against Gentoo aside from the length of time that it takes to compile stuff. (I do like lots of Gentoo's documentation though, some of it is very handy)
If you want to give Debian a serious try check out:
Debian GNU/Linux Desktop Survival Guide
Debian Newbie Doc (for newbies by ex-newbies)
The following can be installed by going thru apt-get:
http://www.debian.org/doc/manuals/debian-faq/index.en.html
http://www.debian.org/doc/manuals/apt-howto/index.en.html
http://www.debian.org/doc/manuals/reference/reference.en.html
Usually docs get installed in /usr/share/doc/ but you end up with documentation for every single package and it can get annoying searching thru it all. However if your having issues with certain things it's always best to check there... also for some packages you have something like 'python', but you also have 'python-dev' for when you need to compile packages that may need something extra, also you can have 'python-doc' which will have extra information aviable for you to use. Also checking out /usr/share/doc-base is sometimes helpfull.
That's why you have a development or test setup. I don't think a compiler being on the server really matters that much anyhow.
Originally posted by: rahvin
You are just jelous of my expanded and affluent oriented vocabulary. I of course have always wanted to emerge software.
Seriously though, I find emerge's command set to be extremely intuitive, I can't say the same thing about apt-get and the only conclusion I can draw is someone foreign wrote apt-get and someone american wrote emerge. I find linux has a lot of idiosyncroncies though because of the international development.
Heh, I agree about emerge being nicer all around, while I prefer Debian overall.
Regarding the foreigner thing though, I've always found ti to be Americans who like to confuse the hell out of everything
I setup a VPN to a bunch of Russians a while back, we sent a few mails back and forth, and shared some details over the phone, then we were up and running.
A few weeks later I was tasked with setting up a VPN to an American bank, they sent me a whole damn phonebook with (useless)info, SLA's, rules, blah blah blah, and a bigass form to fill in.
Guess I should be happy I didn't have to read the business SLA though, now THAT was a freaking dictionary in 15 different languages, including a clause about us needing a earthquake and nuclear safe server room.
We kindly told them neither earthquakes nor nuclear wars are particularly common in Sweden
Oh and to the OP, migrating between Debian and Gentoo should be a piece of cake, no matter the direction, IMO.
sourceninja
Diamond Member
- Mar 8, 2005
- 8,805
- 65
- 91
What you wanted was
sudo apt-get install build-essential
that should get you most everything you need to compile stuff.
I suggest you give a good read at www.ubuntuguide.org
doh....had a fiber nic, no drivers, synaptic installed linux sources, went into roll my own kernel, and it's:
1. NOT USEING SMP on my 4PROC SERVER!!
2. The Driver for the nic is in the kernel source, but not make menuconfig, so I can't add support!
Much more of this and I'm just going to move it back over to Gentoo. Also, is aptitude (think I saw that mentioned) a CLI frontend to apt-get, kinda like Synaptic (only no need for X)?
1. NOT USEING SMP on my 4PROC SERVER!!
2. The Driver for the nic is in the kernel source, but not make menuconfig, so I can't add support!
Much more of this and I'm just going to move it back over to Gentoo. Also, is aptitude (think I saw that mentioned) a CLI frontend to apt-get, kinda like Synaptic (only no need for X)?
sourceninja
Diamond Member
- Mar 8, 2005
- 8,805
- 65
- 91
Aptitude is a ncurses front end to dpkg. Just like apt and synaptic is are other front ends to dpkg. If I recall.
- Oct 24, 2000
- 29,767
- 33
- 81
I think I am going to stick with Gentoo.
Only took me an hour or two to install and configure and has served me well for 2 years. Why fix what ain't broke?
Only took me an hour or two to install and configure and has served me well for 2 years. Why fix what ain't broke?
Nothinman
Elite Member
- Sep 14, 2001
- 30,672
- 0
- 0
If you configured your own kernel, that's your fault. If you're using a pre-built kernel there are -smp kernel packages.
Debian has tools to make compiling custom kernels into package simple. And if you installed the module source, it doesn't automatically patch it into any kernel source so you have to compile it seperately with module assistant or make-kpkg.
http://www.debian.org/doc/manuals/reference/ch-kernel.en.html
I used the kernel that was installed when I installed from the Ubuntu disk. I figured it was smart enough to recognize the multiple CPU's (Suse and RH both do, iirc)
I found a bugreport about that module not being included in the debian kernel. It was a notgoingtofix type status, perhaps it's unstable. I am going to have to move a box to normal Debian and learn it, because I think for new servers, as it's more stable across system updates.
I moved that 4 proc server to gentoo for now.
I found a bugreport about that module not being included in the debian kernel. It was a notgoingtofix type status, perhaps it's unstable. I am going to have to move a box to normal Debian and learn it, because I think for new servers, as it's more stable across system updates.
I moved that 4 proc server to gentoo for now.
lol, you are correct there.
It is an older Fiber gigabit. Acenet I think? Can't remember now, and too far away from my box to lspci it.
Oh comeon, of all the things to rag on him about. I can't remember the name of drivers sometimes from one minute to the next. Of course I can't remember the name of people I met 2 minutes ago. Having a bad memory for names is pretty common and it wouldn't be hard to extrapolate that back to remembering the name of some obscure driver that you have used a couple times.
hrm.
Dealing with kernel stuff in Debian is pretty easy.
However it's usually not worth it to compile your own kernel. Debian's kernels are nice, have all the modules you'd need for most things, and when time comes to update you don't have to recompile and reconfigure everything. Unfortunately nowadays there are software that depends on certain kernel configurations and versions to work or at least be full featured. By sticking to the Debian kernel you know that it's a tested configuration and security problems are attempted to be looked after.
In the unlikely event were you end up having to compile your own kernel Debian provides a way to make it mesh well with the rest of the system and provides utilities and software to make it work out fairly well... Kernel sources and Debian patchs are provided thru apt-get.
The proccess for the old Stable series is described here:
http://newbiedoc.sourceforge.net/system/kernel-pkg.html
(the lazy way is to cd into your linux source tree and do "make-kpkg clean" then "make-kpkg kernel_image modules_image" after you've configured your kernel.
But current stable/testing/unstable should be very similar.
That way you can use Debian's package managment stuff to handle installing and uninstalling custom kernels and you can keep various revisions or copy them from machine to machine in the form of .deb files.
Debian also provides for many modules that are not aviable thru the standard kernel source.. which may be what has happenned with your cards.. They provide pre-compiled modules for Debian kernels that are aviable thru apt-get, like wlan drivers for some wireless cards and even Nvidia's propriatory drivers (although I prefer to get the latest drivers from Nvidia's website and isntall those myself... if you do that avoid installing the debian nvidia packages first.. it can mess things up, I think).
If you want a handy-dandy tool to deal with that sort of thing check out 'module-assistant' which is aviable thru apt-get. After you update it and use it to prepare your enviroment you can select from a list of aviable add-on modules and have it download, compile, and install them for you.
It's nice when it works.
Now if what you want is not aviable from debian or whatever and you download the source tarball for the modules, but you don't have the kernel developement files aviable they are aviable thru apt-get and the package name is usually kernel-headers-<kernel-version>
Then there will probably be some other packages that will be recommended to be installed along with that package, so install those too.
So that's kinda of the debian way of handling kernels, custom kernels, and third-party modules.
Dealing with kernel stuff in Debian is pretty easy.
However it's usually not worth it to compile your own kernel. Debian's kernels are nice, have all the modules you'd need for most things, and when time comes to update you don't have to recompile and reconfigure everything. Unfortunately nowadays there are software that depends on certain kernel configurations and versions to work or at least be full featured. By sticking to the Debian kernel you know that it's a tested configuration and security problems are attempted to be looked after.
In the unlikely event were you end up having to compile your own kernel Debian provides a way to make it mesh well with the rest of the system and provides utilities and software to make it work out fairly well... Kernel sources and Debian patchs are provided thru apt-get.
The proccess for the old Stable series is described here:
http://newbiedoc.sourceforge.net/system/kernel-pkg.html
(the lazy way is to cd into your linux source tree and do "make-kpkg clean" then "make-kpkg kernel_image modules_image" after you've configured your kernel.
But current stable/testing/unstable should be very similar.
That way you can use Debian's package managment stuff to handle installing and uninstalling custom kernels and you can keep various revisions or copy them from machine to machine in the form of .deb files.
Debian also provides for many modules that are not aviable thru the standard kernel source.. which may be what has happenned with your cards.. They provide pre-compiled modules for Debian kernels that are aviable thru apt-get, like wlan drivers for some wireless cards and even Nvidia's propriatory drivers (although I prefer to get the latest drivers from Nvidia's website and isntall those myself... if you do that avoid installing the debian nvidia packages first.. it can mess things up, I think).
If you want a handy-dandy tool to deal with that sort of thing check out 'module-assistant' which is aviable thru apt-get. After you update it and use it to prepare your enviroment you can select from a list of aviable add-on modules and have it download, compile, and install them for you.
It's nice when it works.
Now if what you want is not aviable from debian or whatever and you download the source tarball for the modules, but you don't have the kernel developement files aviable they are aviable thru apt-get and the package name is usually kernel-headers-<kernel-version>
Then there will probably be some other packages that will be recommended to be installed along with that package, so install those too.
So that's kinda of the debian way of handling kernels, custom kernels, and third-party modules.
I transitioned from Mandrake (2 years ago) to Debian.
God I was so confused! Mandrake was so easy, but it was so useless (it had all the stuff I could do in windows, so what's the point of a different OS?).
Then I installed Deb. After about a week I figured that wireless + linux = >_<! So I bought a PCI ethernet thing, and updated all my stuff. Within a few days I configured Apache, SSL, and I can access the thing using Putty and all. Debian PWNS - console based linux all the way (setting up KDE was a pain though, so I didn't bother).
-The Pentium Guy
God I was so confused! Mandrake was so easy, but it was so useless (it had all the stuff I could do in windows, so what's the point of a different OS?).
Then I installed Deb. After about a week I figured that wireless + linux = >_<! So I bought a PCI ethernet thing, and updated all my stuff. Within a few days I configured Apache, SSL, and I can access the thing using Putty and all. Debian PWNS - console based linux all the way
(setting up KDE was a pain though, so I didn't bother).-The Pentium Guy
Actually, I think it's that we don't bother to remember people's names as much as we do drivers' names.
haha i read
I agree about emerge being nicer all around, while I prefer Debian overall.
as
I agree about emerge being ricer all around, while I prefer Debian overall.
i guess ive been reading too many Gentoo Ricing posts on Gentoo forums lately =)
I agree about emerge being nicer all around, while I prefer Debian overall.
as
I agree about emerge being ricer all around, while I prefer Debian overall.
i guess ive been reading too many Gentoo Ricing posts on Gentoo forums lately =)
TRENDING THREADS
-
Discussion Zen 5 Speculation (EPYC Turin and Strix Point/Granite Ridge - Ryzen 9000)- Started by DisEnchantment
- Replies: 25K
-
Discussion Intel Meteor, Arrow, Lunar & Panther Lakes Discussion Threads
- Started by Tigerick
- Replies: 21K
-
Discussion Intel current and future Lakes & Rapids thread- Started by TheF34RChannel
- Replies: 23K
-
-
Facebook
Twitter