Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-24 Thread Mick
On Tuesday 23 January 2007 12:07, Neil Bothwick wrote:
 On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote:
  Using Portage you're putting yourself at the mercy of any Joe Schmoe
  with a proxy connection to a Gentoo server that wants to compromise
  your machine.

 How so? They'd have to get a compromised source tarball on the distfiles
 mirrors and a hacked ebuild into the CVS tree. Getting a hacked ebuild
 on the servers isn't enough, it would be replaced in no more than fifteen
 minutes.

 Why is this easier than getting a compromised RPM onto a Red Hat or SUSE
 server?

If you're *really* paranoid rsync twice (with a different mirror each time) 
then diff the package you intend to install to see if there are any suspect 
ebuilds.  Ditto for distfiles.  If in doubt compare gpg/MD5 sums with 
sourceforge, or the package developer's website/ftp server.  Of course, you 
could repeat three times over and see if there's a discrepancy with the diff 
comparison.  I mean, how much time have you available?  If you can script and 
you're managing a critical server for the MOD, or NASA, or what not, then you 
could probably automate the whole process and include random selections of 
servers.

If you go back 2-3 years I remember there was a compromise of some Gentoo 
mirrors and we were all reinstalling afresh.  I can't remember what the 
systemic weakness was, or if/how it was fixed - you may be able to dig 
something up from the Gmane archives.

Sometimes I feel quite relieved that I only manage a couple of boxen in my 
spare room.  :)
-- 
Regards,
Mick


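The cross-mirror comparison described in the message above, as an added example that is not part of the original post: it hashes every file in two or more tree snapshots, each assumed to have been synced from a different mirror into its own directory, and lists the files on which the snapshots disagree. The function names, mirror labels and the app-misc/example package are constructed for illustration.

```python
import hashlib
import os
import tempfile


def tree_digests(root):
    """Map each file's path (relative to root) to its SHA-256 hex digest."""
    digests = {}
    for dirpath, _dirs, files in os.walk(root):
        for name in files:
            full = os.path.join(dirpath, name)
            h = hashlib.sha256()
            with open(full, "rb") as fh:
                for chunk in iter(lambda: fh.read(65536), b""):
                    h.update(chunk)
            digests[os.path.relpath(full, root)] = h.hexdigest()
    return digests


def compare_snapshots(snapshots):
    """snapshots: {mirror_label: directory}.
    Return {relpath: {label: digest or None}} for every file on which
    the snapshots do not all agree (None means the file is missing there)."""
    per_mirror = {label: tree_digests(path) for label, path in snapshots.items()}
    all_paths = set().union(*per_mirror.values())
    suspects = {}
    for rel in sorted(all_paths):
        seen = {label: d.get(rel) for label, d in per_mirror.items()}
        if len(set(seen.values())) > 1:
            suspects[rel] = seen
    return suspects


def odd_one_out(seen):
    """With three or more snapshots, name the mirrors outside the majority."""
    values = list(seen.values())
    majority = max(set(values), key=values.count)
    return sorted(label for label, v in seen.items() if v != majority)


def build_demo():
    """Constructed sample: three tiny trees, one with an altered ebuild."""
    base = tempfile.mkdtemp()
    snaps = {}
    for label in ("mirror-a", "mirror-b", "mirror-c"):
        pkg = os.path.join(base, label, "app-misc", "example")
        os.makedirs(pkg)
        body = 'SRC_URI="http://example.org/example-1.0.tar.gz"\n'
        if label == "mirror-c":
            body += "# line present on one mirror only\n"
        with open(os.path.join(pkg, "example-1.0.ebuild"), "w") as fh:
            fh.write(body)
        with open(os.path.join(pkg, "Manifest"), "w") as fh:
            fh.write("constructed placeholder\n")
        snaps[label] = os.path.join(base, label)
    return snaps


if __name__ == "__main__":
    for rel, seen in compare_snapshots(build_demo()).items():
        print(rel, "differs on", odd_one_out(seen))
```

Mirrors do not all sync at the same moment, so a reported difference is a reason to read the diff of that file, not proof of tampering.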


Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-23 Thread Dale
Daniel da Veiga wrote:
 On 1/22/07, Eric Bohn [EMAIL PROTECTED] wrote:
 In the US, I'm almost certain you wouldn't be able to get away with
 running Gentoo, and more specifically, Portage, the way you
 apparently do in a secure govt environment.  There's probably a
 federal directive or regulation somewhere that prevents machines
 being run in govt organizations from using non-standard or officially
 unapproved technology and/or procedures, and for good reason...


 I know of many universities, not only from Brazil, but around the
 world, that use Gentoo. There are many security features in portage,
 and I believe Gentoo servers and mirrors have some security also, else
 it would be too easy to compromise thousands of installations around
 the world, and no cracker would miss this opportunity.

 Non-standard and officially unapproved technology sounds more like
 put someone in control of all tech used in the public sector of IT,
 more like antitrust than standardizing.

 I've had Portage hose my Gentoo install twice before to the point
 that I could no longer run Portage, and I run stable, not testing. 
 Using Portage you're putting yourself at the mercy of any Joe Schmoe
 with a proxy connection to a Gentoo server that wants to compromise
 your machine.  Even most commercial organizations, for job critical
 computing, have administrators that establish mirror servers for
 software testing prior to internal distribution.


 As I mentioned before, I don't think we are at the mercy of any
 cracker around by using Gentoo. Of course some level of security would
 be needed, any OS requires that, but let's not hijack this thread, as
 the OP was talking about DESKTOP installations.

 It didn't sound like the OP was intending for anyone to do sys admin
 tasks with Gentoo either, I imagine that could prove to be risky
 using any Linux distro.


 Yeah, that's one more reason for a Gentoo install. And just for the
 record, ANY OS needs sys admin tasks once in a while, if not for
 initial install, because of breakage, and believe me, I had my quota
 of breakage before using Gentoo.


As someone who started out using Mandrake, I have to say that using
Gentoo has been a LOT easier.  Yea, I had to learn how to use Gentoo and
it is different from Mandrake by far but it is a whole lot easier to
manage.  I have been using Gentoo for about 2 or 3 years for my desktop
and I would not consider switching to any other distro.  I spend a lot
less time messing with my Gentoo install than I did with Mandrake.  The
upgrade process with Mandrake was . . . . a disaster.  From what I
understand Redhat and Mandrake are pretty close.  I certainly wouldn't
switch to Redhat then.

As for security, I have had several times that my internet connection
was messed up and the md5 sums didn't match.  Portage didn't hesitate to
delete those puppies and let me know that something was changed.  It
would seem to me that it would be difficult for someone to change the
source code on one server then change the other files on the rsync
server so they both match up. 

Well, that's my $0.02 worth.  Some of what is being said just doesn't make
sense to me at all.  Gentoo is a lot better than some distros.  It
certainly beats windoze.

Dale

:-)  :-)  :-)

-- 
www.myspace.com/dalek1967

-- 
gentoo-user@gentoo.org mailing list



Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-23 Thread Martins
On Tuesday 23 January 2007 11:19, Dale wrote:
 Daniel da Veiga wrote:

 As someone who started out using Mandrake, I have to say that using
 Gentoo has been a LOT easier.  Yea, I had to learn how to use Gentoo and
 it is different from Mandrake by far but it is a whole lot easier to
 manage.  I have been using Gentoo for about 2 or 3 years for my desktop
 and I would not consider switching to any other distro.  I spend a lot
 less time messing with my Gentoo install than I did with Mandrake.  The
 upgrade process with Mandrake was . . . . a disaster.  From what I
 understand Redhat and Mandrake are pretty close.  I certainly wouldn't
 switch to Redhat then.

 As for security, I have had several times that my internet connection
 was messed up and the md5 sums didn't match.  Portage didn't hesitate to
 delete those puppies and let me know that something was changed.  It
 would seem to me that it would be difficult for someone to change the
 source code on one server then change the other files on the rsync
 server so they both match up.

 Well, that's my $0.02 worth.  Some of what is being said just doesn't make
 sense to me at all.  Gentoo is a lot better than some distros.  It
 certainly beats windoze.

 Dale

I can add to this, my first distro was Mandrake too. It was a pain to build 
something from source, gather all the dependencies just because they don't 
provide such binaries. Gentoo has a huge collection of software to choose from 
and all overlays ...

Martins



Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-23 Thread Mark Kirkwood

Dale wrote:



As someone who started out using Mandrake, I have to say that using
Gentoo has been a LOT easier.  Yea, I had to learn how to use Gentoo and
it is different from Mandrake by far but it is a whole lot easier to
manage.  I have been using Gentoo for about 2 or 3 years for my desktop
and I would not consider switching to any other distro.  I spend a lot
less time messing with my Gentoo install than I did with Mandrake.  The
upgrade process with Mandrake was . . . . a disaster.  From what I
understand Redhat and Mandrake are pretty close.  I certainly wouldn't
switch to Redhat then.

As for security, I have had several times that my internet connection
was messed up and the md5 sums didn't match.  Portage didn't hesitate to
delete those puppies and let me know that something was changed.  It
would seem to me that it would be difficult for someone to change the
source code on one server then change the other files on the rsync
server so they both match up. 


Well, that's my $0.02 worth.  Some of what is being said just doesn't make
sense to me at all.  Gentoo is a lot better than some distros.  It
certainly beats windoze.


Gotta second that - I have used Mandrake and Redhat, and Gentoo is such 
a better way - *once* you spend the time to understand why it is like it is!


As for comments about portage sync etc producing destroyed|mangled|buggy 
systems - well *any* update system can do that from time to time (ask 
windows update users after xp sp2 came out...) A sane test-before-deploy 
plan is essential for any large scale environment - ISTM that this is 
just as straightforward in Gentoo as any other Linux distro.


So, I see no reason why ya can't use Gentoo in a corporate environment!

Cheers

Mark



Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-23 Thread Neil Bothwick
On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote:

 Using Portage you're putting yourself at the mercy of any Joe Schmoe
 with a proxy connection to a Gentoo server that wants to compromise
 your machine.

How so? They'd have to get a compromised source tarball on the distfiles
mirrors and a hacked ebuild into the CVS tree. Getting a hacked ebuild
on the servers isn't enough, it would be replaced in no more than fifteen
minutes.

Why is this easier than getting a compromised RPM onto a Red Hat or SUSE
server?


-- 
Neil Bothwick

I heard someone tried the monkeys-on-typewriters bit trying for the plays
of W. Shakespeare but all they got was the collected works of Francis
Bacon




Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-23 Thread Rumen Yotov
On Tue, 23 Jan 2007 12:07:46 +
Neil Bothwick [EMAIL PROTECTED] wrote:

 On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote:
 
  Using Portage you're putting yourself at the mercy of any Joe Schmoe
  with a proxy connection to a Gentoo server that wants to compromise
  your machine.
 
 How so? They'd have to get a compromised source tarball on the
 distfiles mirrors and a hacked ebuild into the CVS tree. Getting a
 hacked ebuild on the servers isn't enough, it would be replaced in no
 more than fifteen minutes.
 
 Why is this easier than getting a compromised RPM onto a Red Hat or
 SUSE server?
 
 
Hi Neil,
It'll be the same when the 'new' Manifest2 format is fully implemented.
Haven't checked but you need at least ebuild/eclass GPG-signing, etc.
There was a discussion (on some Gentoo ML, IIRC 'security') a year or
more ago, some very ancient Bug was mentioned.
RPMs are signed (but check this again), BTW debs are too.
The work is going on this, but I've no info about the progress made.
HTH. Rumen



[gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-22 Thread Regis Decamps

qfpvajdy wrote:

Hello,



I would like to convince my boss and my colleagues to use Gentoo GNU/Linux at 
the company office for the desktop system (and maybe one day also for servers).

Currently everybody uses their own Linux/Unix system, but soon we could be forced 
to use only one system for everybody.

I must probably convince the people to use Gentoo Linux against RedHat 
Scientific Linux and FreeBSD.



Does somebody have some good key arguments?




No: I use Gentoo at home but could not imagine a place at my company.

Gentoo requires a real internet connection when we are behind a 
restricted proxy


Gentoo requires a lot of administration. For instance: etc-update 
(dispatch-conf) needs to be run after a package upgrade


Gentoo takes time with compilation and requires fine tuning for things 
to work when we just a standard works-for-everybody application.


Gentoo is not appropriate for my company. Mandriva or Suse would be 
better choices.





Mine are:

- newest packages with newest security updates, encryption support and fully 
integrated KDE desktop to be used in the office without problems



like any desktop oriented distribution. Red Hat, Suse and Mandriva, 
Ubuntu offer the same.



- high performance desktop


Why do you compare only these three OS? Why is freebsd in this list?

higher than the other Desktop distros?

In my opinion, Gentoo is not appropriate for most companies. Now it 
depends... What are your criteria?


- support? Gentoo has a great community, but so do ubuntu or Mandriva. 
But Mandriva, Suse and red Hat offer paid support, ie someone to blame 
when things don't work

- configuration? Do you need fine configuration (gentoo wins)?
- easiness or put hands in the dirt?
- cost of maintenance (I really doubt Gentoo wins)

--
Régis




Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-22 Thread Daniel da Veiga

On 1/22/07, Regis Decamps [EMAIL PROTECTED] wrote:

qfpvajdy wrote:
 Hello,



 I would like to convince my boss and my colleagues to use Gentoo GNU/Linux at 
the company office for the desktop system (and maybe one day also for servers).

 Currently everybody uses their own Linux/Unix system, but soon we could be 
forced to use only one system for everybody.

 I must probably convince the people to use Gentoo Linux against RedHat 
Scientific Linux and FreeBSD.



 Does somebody have some good key arguments?



No: I use Gentoo at home but could not imagine a place at my company.

Gentoo requires a real internet connection when we are behind a
restricted proxy


We are behind a restricted proxy in a secure environment at a government
building, and yet I have a couple of servers and desktops running
Gentoo flawlessly for about a year.



Gentoo requires a lot of administration. For instance: etc-update
(dispatch-conf) needs to be run after a package upgrade


Only if you upgrade frequently, for ordinary use, you'll install and
upgrade specific packages, most do not require any intervention, while
when you decide to do a major upgrade you won't need a release CD with
lots of stuff you don't need, while burning your configs in the
upgrade process, besides you won't need to know the twelve packages
that will need upgrade to let you use the new/upgraded application.



Gentoo takes time with compilation and requires fine tuning for things
to work when we just a standard works-for-everybody application.


Time with compilation in a distributed environment with binary
packages is almost zero, if you want to, the fact is that Gentoo
serves ANY application, you just have to configure it ONCE and it's
ready for almost any environment. A bit of initial tuning saves time
in a dozen later installs/upgrades.



Gentoo is not appropriate for my company. Mandriva or Suse would be
better choices.



For the above reasons, you should reconsider...




 Mine are:

 - newest packages with newest security updates, encryption support and fully 
integrated KDE desktop to be used in the office without problems


like any desktop oriented distribution. Red Hat, Suse and Mandriva,
Ubuntu offer the same.


In fact, they don't, they offer releases, else you will have to use
their package management system to upgrade, and portage is the only
one who has never crashed on me beyond repair.



 - high performance desktop

Why do you compare only these three OS? Why is freebsd in this list?

higher than the other Desktop distros?


I totally agree with that...



In my opinion, Gentoo is not appropriate for most companies. Now it
depends... What are your criteria?

- support? Gentoo has a great community, but so do ubuntu or Mandriva.
But Mandriva, Suse and red Hat offer paid support, ie someone to blame
when things don't work


You can buy support for Gentoo from any company that offers it, the
same as you can with almost any other distro...


- configuration? Do you need fine configuration (gentoo wins)?


Easy configuration is better than fine, etc protection, rc-update,
portage itself, they're all systems that you can use to
distribute/automate configuration...


- easiness or put hands in the dirt?


Gentoo is easy, you just have to get used to it, just like every other
distro out there...


- cost of maintenance (I really doubt Gentoo wins)


It depends on the staff you have and/or the support you bought. Gentoo
has proven to be cheap and reliable.

--
Daniel da Veiga
Computer Operator - RS - Brazil
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
--END GEEK CODE BLOCK--



Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-22 Thread Eric Bohn
In the US, I'm almost certain you wouldn't be able to get away with running 
Gentoo, and more specifically, Portage, the way you apparently do in a secure 
govt environment.  There's probably a federal directive or regulation somewhere 
that prevents machines being run in govt organizations from using non-standard 
or officially unapproved technology and/or procedures, and for good reason...

I've had Portage hose my Gentoo install twice before to the point that I could 
no longer run Portage, and I run stable, not testing.  Using Portage you're 
putting yourself at the mercy of any Joe Schmoe with a proxy connection to a 
Gentoo server that wants to compromise your machine.  Even most commercial 
organizations, for job critical computing, have administrators that establish 
mirror servers for software testing prior to internal distribution.

It didn't sound like the OP was intending for anyone to do sys admin tasks with 
Gentoo either, I imagine that could prove to be risky using any Linux distro.


 




Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

2007-01-22 Thread Daniel da Veiga

On 1/22/07, Eric Bohn [EMAIL PROTECTED] wrote:

In the US, I'm almost certain you wouldn't be able to get away with running 
Gentoo, and more specifically, Portage, the way you apparently do in a secure 
govt environment.  There's probably a federal directive or regulation somewhere 
that prevents machines being run in govt organizations from using non-standard 
or officially unapproved technology and/or procedures, and for good reason...



I know of many universities, not only from Brazil, but around the
world, that use Gentoo. There are many security features in portage,
and I believe Gentoo servers and mirrors have some security also, else
it would be too easy to compromise thousands of installations around
the world, and no cracker would miss this opportunity.

Non-standard and officially unapproved technology sounds more like
put someone in control of all tech used in the public sector of IT,
more like antitrust than standardizing.


I've had Portage hose my Gentoo install twice before to the point that I could 
no longer run Portage, and I run stable, not testing.  Using Portage you're 
putting yourself at the mercy of any Joe Schmoe with a proxy connection to a 
Gentoo server that wants to compromise your machine.  Even most commercial 
organizations, for job critical computing, have administrators that establish 
mirror servers for software testing prior to internal distribution.



As I mentioned before, I don't think we are at the mercy of any
cracker around by using Gentoo. Of course some level of security would
be needed, any OS requires that, but let's not hijack this thread, as
the OP was talking about DESKTOP installations.


It didn't sound like the OP was intending for anyone to do sys admin tasks with 
Gentoo either, I imagine that could prove to be risky using any Linux distro.



Yeah, that's one more reason for a Gentoo install. And just for the
record, ANY OS needs sys admin tasks once in a while, if not for
initial install, because of breakage, and believe me, I had my quota
of breakage before using Gentoo.

--
Daniel da Veiga
Computer Operator - RS - Brazil
-BEGIN GEEK CODE BLOCK-
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
--END GEEK CODE BLOCK--