| 1 |
----Original Message----- |
| 2 |
From: BRM [mailto:bm_witness@×××××.com] |
| 3 |
Sent: Tuesday, September 30, 2008 1:36 PM |
| 4 |
To: gentoo-server@l.g.o |
| 5 |
Subject: Re: [gentoo-server] Server Packages for Gentoo |
| 6 |
|
| 7 |
How's this one? |
| 8 |
|
| 9 |
Sorry about that - ( I tried something different this time, but for the most part...) unfortunately I can't do anything about it since it's Yahoo's webmail interface...Also why I'm not replying in-line, but at the top. |
| 10 |
|
| 11 |
Ben |
| 12 |
|
| 13 |
|
| 14 |
|
| 15 |
----- Original Message ---- |
| 16 |
From: Robert Bridge <robert@××××××××.com> |
| 17 |
To: gentoo-server@l.g.o |
| 18 |
Sent: Tuesday, September 30, 2008 1:28:46 PM |
| 19 |
Subject: Re: [gentoo-server] Server Packages for Gentoo |
| 20 |
|
| 21 |
On Tue, 30 Sep 2008 09:17:42 -0700 (PDT) |
| 22 |
BRM <bm_witness@×××××.com> wrote: |
| 23 |
|
| 24 |
> That's a matter of choosing what you install; but that's not specific |
| 25 |
> to Gentoo. |
| 26 |
> |
| 27 |
> MySQL on Gentoo is not going to be any different than MySQL on RHEL |
| 28 |
> or SLES. However, stability - due to differences in versions, |
| 29 |
> patches, etc. - might be different; but should be close to the same. |
| 30 |
|
| 31 |
Except the Gentoo version will move a lot faster, potentially causing |
| 32 |
problems... |
| 33 |
|
| 34 |
BRM: Can you please fix you mail client so it includes the in-reply-to |
| 35 |
and/or references headers so that it stops spawning a new thread |
| 36 |
every time you reply. |
| 37 |
|
| 38 |
|
| 39 |
Now that I've seen some ideas, here is what I was thinking by enterprise-level software: |
| 40 |
|
| 41 |
Software that is secure within its domain, dedicated to a function, runs lean and without bloat, stable, as isolated from the OS as possible, and scalable. Software in this class must be part of some kind of security monitoring/advisory system (i.e. GLSA). Here's what I mean by all this: |
| 42 |
|
| 43 |
Secure within its domain means that it only get those privileges absolutely necessary to its function- it should not have to run as root, for example. It should be possible to isolate the security level of any given software package, and should not run as a user account with an easy-to-crack password. |
| 44 |
|
| 45 |
Dedicated to a function means it should not try to do it all- a DHCP server should manage IP addresses, not try to be a DNS, database, firewall, and desktop widget all at once. |
| 46 |
|
| 47 |
Running lean and without bloat means it should only use necessary resources- no memory holes to speak of, no extra features or gui's, if possible. |
| 48 |
|
| 49 |
Stable obviously means not prone to crashing. |
| 50 |
|
| 51 |
Isolated from the OS meaning that, when it does crash, it doesn't take the whole server with it- if it must crash, it should only affect its own domain, which should be easy to sanitize without requiring a server reboot (Linux does this very well natively anyway). |
| 52 |
|
| 53 |
Scalable is just what it means- deployable to a group of users as easily as to just one user. |
| 54 |
|
| 55 |
As a Linux server, the basic type is LAMP, which are packages that have a strong reputation. How about additional functions that a LAMP cannot handle? How about network-level authentication? I have read about the Linux version of AD, but I am more curious abobut experiences with the associated packages, as well as security and functionality weaknesses, as well as potential security oversights. Any thoughts? |
| 56 |
|
| 57 |
Thanks! |
Archives