On Wed, 05 Mar 2003 14:35:50 +0100 Vincent Renardias <[EMAIL PROTECTED]> wrote:
> (Disclaimer: I've been one of the Debian developers since 1996, so I
> might be biased :-)
>
> - "Distributions":
> If all my machines are running Debian 4.0 or RedHat 12.0, I know this
> implies all of them are running Apache 1.3.26 and Nessus x.y.z.

So you are saying you do not know what they are running but are going to
assume it is what came with the CD, wonderful. Why not find out what they
are running?

> - "Base system with ports":
> All my machines are running XyzBSD 4.0, but depending on when I
> installed a port on each machine, I may end up with a different
> version of Apache/Nessus/Whatever on each machine.

Clearly you do not know what you are talking about here. The way real SA's
would do it is to have a box set up as the port builder and generate all
the packages needed there. Then they would use the package commands to
install and delete said packages as needed.

To get a complete report of all the properly installed packages all you
need to do is:

ls -1 /var/db/pkg

Here is what it looks like:

sqlite-2.7.4
squeak-3.2
svgalib-1.4.2_1
sylpheed-claws-0.8.8
t1lib-1.3.1
tcl-8.3.5
tcl-8.4.1,1
tclhttpd-3.3_1
tcllib-1.2
tiff-3.5.7
tiff2png-0.91,1
tk-8.3.5
tk-8.4.1,1
tkcon-2.2

And there are the various /usr/sbin/pkg_* commands, for example pkg_info
dumps this:

scotty-20000221         Network management extensions to tcl
scrollkeeper-0.3.11_4,1 An Open Document Cataloging Project
sdl-1.2.4_1             Cross-platform multi-media development API (developm. vers.
sdl_image-1.2.2_1       A simple library to load images of various formats as SDL s
sdl_mixer-1.2.4_1       A sample multi-channel audio mixer library
sdocbook-xml-4.1.2.5    "Simplified" DocBook XML DTD
smpeg-0.4.4             A free MPEG1 video player library with sound support
sqlite-2.7.4            An SQL database engine in a C library, including a Tcl wrap

>
> For many people, indeed (including Joe Random and his $40 T1 at home),
> this is definitely not an issue.
> On the other hand sysadmins having hundreds of boxes tend to prefer
> the 1st solution. (For most servers, a 2 year old system + security
> fixes is very fine).

I have worked on systems with hundreds of boxes and I think the debian
and/or linux way to get things is stupid, trusted binaries from some place
that I do not control. And the default debian package is basically
obsolete.

Now on to the mess that is /usr in debian and most/all other linuxs. Why
did you guys unsolve the problem of how to keep system stuff from mixing
with non system stuff? In FreeBSD packages/ports install in /usr/local or
/usr/X11R6, with a few specific exceptions (perl from ports lets you
overwrite the system perl with a link to the one in /usr/local, for
example) so if somehow your addons get screwed up beyond your
desire/ability to fix you do the following:

1: save all the config files you need to/can
2: dump all the DB's you need to/can
3: turn off all the services running out of /usr/local or /usr/X11R6
4: rm -rf /usr/local /usr/X11R6 /var/db/pkg
5: reinstall your packages, you had a list right
6: put the config files back
7: start services
8: restore the DB's

and you are up and running.

You cannot do this with linux, I have looked at redhat and debian, because
they pollute the system space with all the add ons. They deliberately
chose in the face of 20+ years of documented unix experience to ignore the
solution and reinvent the problem.

marc
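
The `ls -1 /var/db/pkg` listing shown in the message above can be compared between the package-builder box and each host to find version drift. The script below is an added example, not part of the original thread; the function names `pkg_drift` and `pkg_drift_demo`, the output labels and the sample listings are assumptions constructed for illustration.

```shell
#!/bin/sh
# Added example (not from the thread): report drift between the package list
# of the builder box and the `ls -1 /var/db/pkg` listing taken from a host.

# pkg_drift BASELINE_FILE HOST_FILE -> one line per discrepancy, sorted.
pkg_drift() {
    {
        sed 's/^/B /' "$1"      # tag baseline entries
        sed 's/^/H /' "$2"      # tag host entries
    } | LC_ALL=C sort -u | awk '
        NF != 2 { next }                    # skip blank or malformed lines
        {
            i = match($2, /-[^-]*$/)        # last "-" splits name from version
            if (i <= 1) next
            name = substr($2, 1, i - 1)
            ver  = substr($2, i + 1)
            names[name] = 1
            # A name can be installed at several versions (tcl 8.3 and 8.4).
            if ($1 == "B") base[name] = base[name] " " ver
            else           host[name] = host[name] " " ver
        }
        END {
            for (n in names) {
                if (!(n in host))      print "MISSING " n base[n]
                else if (!(n in base)) print "EXTRA " n host[n]
                else if (base[n] != host[n])
                    print "VERSION " n " baseline:" base[n] " host:" host[n]
            }
        }' | LC_ALL=C sort
}

# Constructed sample listings; names are from the thread, tiff-3.5.6 is made up.
pkg_drift_demo() {
    d=$(mktemp -d) || return 1
    printf '%s\n' sqlite-2.7.4 tcl-8.3.5 tcl-8.4.1,1 tiff-3.5.7 tk-8.4.1,1 > "$d/builder"
    printf '%s\n' sqlite-2.7.4 tcl-8.4.1,1 tiff-3.5.6 tkcon-2.2 > "$d/host"
    pkg_drift "$d/builder" "$d/host"
    rm -rf "$d"
}

pkg_drift_demo
```

An empty result means the host matches the builder's list exactly; EXTRA lines are packages installed outside the builder's list and are the ones to look at first.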
