1 |
On Wednesday 21 July 2004 11:38 am, Lina Pezzella wrote: |
2 |
|
3 |
> I agree completely with this suggestion. Personally at my workplace, my |
4 |
> boss was considering going with debian because you could specify to only |
5 |
> update for security reasons (through only placing security repositories |
6 |
> in sources.list). Fortunately for me, he had a few bad experiences with |
7 |
> debian developers and went with gentoo despite the lack of the |
8 |
> security-updates-only option. Adding an [S] option to emerge -pv would |
9 |
> certainly make our lives easier here, and at many corporations who don't |
10 |
> see the need to update regularly. |
11 |
> |
12 |
|
13 |
Friends, making Gentoo enterprise-ready is bigger in scope than just |
14 |
handling security updates. If all you want to do is to check for security |
15 |
updates, merge gentoolkit and use 'glsa-check'. |
16 |
|
17 |
It would be good to clarify what the goals are here, and what the specific |
18 |
issues are that need addressing. |
19 |
|
20 |
For the many of the IT shops who need more than a way to isolate security |
21 |
updates, I'll try to summarize with one word (I think) fits: predictable. |
22 |
That means: |
23 |
|
24 |
- knowing what each release contains (in detail, with version #s) |
25 |
- understanding what pkgs will get enhancements, and which ones will only |
26 |
get security updates & major bugfixes. |
27 |
- having enough information to know what a change specifically contains |
28 |
- a regular, time-based release schedule (such as every six months); thus |
29 |
an organization can time & plan its infrastructure changes with expected |
30 |
OS updates. |
31 |
- knowing that Gentoo does regression testing of security updates & major |
32 |
bugfixes back through old (but supported) releases before committing. |
33 |
|
34 |
... and etc, etc. This isn't a quick tweak to 'emerge', or a gentoolkit |
35 |
utility. I wish it were that simple. It involves improving Gentoo's |
36 |
practices and procedures, as well as enhancing portage to accommodate the |
37 |
necessary functions an enterprise customer receives currently with other |
38 |
operating systems, and expects ... (short of having paid commercial |
39 |
support). |
40 |
|
41 |
There are some things we can do-- because of Portage itself-- that set us |
42 |
apart from other distributions. Minimize the need for paid support. |
43 |
That should be, IMO, the underlying goal of this effort -- to give the |
44 |
users the enterprise tools they need to be self-reliant (i.e., not shoot |
45 |
one's self in the foot). |
46 |
|
47 |
Beyond that we need to start looking helping sites with large numbers of |
48 |
Gentoo machines with deployment and administration tools. No need to |
49 |
write our own stuff, the tools are already out there. We just need to |
50 |
package and integrate them with how we do things in Gentoo, and write |
51 |
enough supporting documentation. |
52 |
|
53 |
Cheers, |
54 |
Dylan Carlson [absinthe@g.o] |
55 |
Public Key: http://pgp.mit.edu:11371/pks/lookup?op=get&search=0x708E165F |
56 |
|
57 |
-- |
58 |
gentoo-dev@g.o mailing list |