On Fri, Feb 23, 2001 at 08:34:51PM -0500, MaD dUCK wrote: > also sprach Robert Cymbala (on Fri, 23 Feb 2001 05:23:01PM -0800): > > This question comes from LULA discussion list (linux users LA). There > > someone writes that with Red Hat 7, ``up2date'' is equivalent to > > apt-get update/upgrade in terms of security patches. So, switching > > to debian doesn't necessarily mean better or easier security... > > well, except that debian doesn't have $$$ in their eyes and up2date > requires a subscription for $$$ as far as i know.
That's actually a common misconception. I can't believe I'm defending redhat, but the up2date tool has been around since 6.1, and it doesn't cost anything. What does cost money is priority ftp access, without which you'll be hard-pressed to find a mirror that isn't overloaded anytime other than the wee hours of the morning. That said, up2date is *nothing* like apt. All it does it update rpms that you already have installed with security fixes. There is no capability in it to automagically install packages ala apt, nor is there no upgrade to later version option either (which debian offers through testing and unstable). up2date is also a pretty big resource hog for just being an updater. It also makes remote updating virtually impossible over a slow link, as AFAIK, it is a GUI (X) only tool. All in all, I wasn't very impressed with it, other distributions have had similar tools for a few years now (MandrakeUpdate comes to mind), and none of them come close the capability of apt. As to security, it's not just tools. Debian has a pretty good record of responding to security holes extremely quickly, while Redhat can somtimes (not always) drag their feet a bit. Debian also sets you up *much* more secure by default than Redhat, which last time I installed 7, managed to installed every service that existed by default (tftp even!). -Rob