| 1 |
On Wednesday 21 July 2004 11:38 am, Lina Pezzella wrote: |
| 2 |
|
| 3 |
> I agree completely with this suggestion. Personally at my workplace, my |
| 4 |
> boss was considering going with debian because you could specify to only |
| 5 |
> update for security reasons (through only placing security repositories |
| 6 |
> in sources.list). Fortunately for me, he had a few bad experiences with |
| 7 |
> debian developers and went with gentoo despite the lack of the |
| 8 |
> security-updates-only option. Adding an [S] option to emerge -pv would |
| 9 |
> certainly make our lives easier here, and at many corporations who don't |
| 10 |
> see the need to update regularly. |
| 11 |
> |
| 12 |
|
| 13 |
Friends, making Gentoo enterprise-ready is bigger in scope than just |
| 14 |
handling security updates. If all you want to do is to check for security |
| 15 |
updates, merge gentoolkit and use 'glsa-check'. |
| 16 |
|
| 17 |
It would be good to clarify what the goals are here, and what the specific |
| 18 |
issues are that need addressing. |
| 19 |
|
| 20 |
For the many of the IT shops who need more than a way to isolate security |
| 21 |
updates, I'll try to summarize with one word (I think) fits: predictable. |
| 22 |
That means: |
| 23 |
|
| 24 |
- knowing what each release contains (in detail, with version #s) |
| 25 |
- understanding what pkgs will get enhancements, and which ones will only |
| 26 |
get security updates & major bugfixes. |
| 27 |
- having enough information to know what a change specifically contains |
| 28 |
- a regular, time-based release schedule (such as every six months); thus |
| 29 |
an organization can time & plan its infrastructure changes with expected |
| 30 |
OS updates. |
| 31 |
- knowing that Gentoo does regression testing of security updates & major |
| 32 |
bugfixes back through old (but supported) releases before committing. |
| 33 |
|
| 34 |
... and etc, etc. This isn't a quick tweak to 'emerge', or a gentoolkit |
| 35 |
utility. I wish it were that simple. It involves improving Gentoo's |
| 36 |
practices and procedures, as well as enhancing portage to accommodate the |
| 37 |
necessary functions an enterprise customer receives currently with other |
| 38 |
operating systems, and expects ... (short of having paid commercial |
| 39 |
support). |
| 40 |
|
| 41 |
There are some things we can do-- because of Portage itself-- that set us |
| 42 |
apart from other distributions. Minimize the need for paid support. |
| 43 |
That should be, IMO, the underlying goal of this effort -- to give the |
| 44 |
users the enterprise tools they need to be self-reliant (i.e., not shoot |
| 45 |
one's self in the foot). |
| 46 |
|
| 47 |
Beyond that we need to start looking helping sites with large numbers of |
| 48 |
Gentoo machines with deployment and administration tools. No need to |
| 49 |
write our own stuff, the tools are already out there. We just need to |
| 50 |
package and integrate them with how we do things in Gentoo, and write |
| 51 |
enough supporting documentation. |
| 52 |
|
| 53 |
Cheers, |
| 54 |
Dylan Carlson [absinthe@g.o] |
| 55 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x708E165F |
| 56 |
|
| 57 |
-- |
| 58 |
gentoo-dev@g.o mailing list |
Archives