On Mon, 2 May 2011, Joshua J. Kugler wrote:
> This is not flame bait, but could you expound on the reasons?
> Considering it's based on Debian, do you also not trust Debian as a
> server? To my knowledge (which could be WAAAAY off) there is not a lot
> of Canonical-specific code in the server packages, which should mean
> it's not much different than Debian (or upstream).
>
> Disclosure: I've used Ubuntu, CentOS, Debian, and RHEL in server
> capacities. All have run well. No pain, except the
> distribution-specific config-file tweak (such as different layouts for
> Apache, etc.).
I wouldn't touch any of them, myself. The problem lies in the list of
packages they all use for a "minimal" install, which is still anything but.
You're pretty much stuck with using kickstart or something similar to deploy
new machines with a true minimal base OS + desired services, or be resolved
to uninstalling a lot of crap.
That said, it's not to say that they can't do the job, they all can. It
just comes down to how much additional baggage (unused or not) they include,
and whether some of those won't open you up to local user privilege
escalation attacks, etc. You have to consider what level of risk you're
willing to accept.
The reality is that most people running those distros for personal or
internal LAN servers won't care, and can reasonably be considered relatively
low risk. I'm still not comfortable with the idea, but I don't think my
ideas are that popular. ;-)
--Arthur Corliss
Live Free or Die
---------
To unsubscribe, send email to <aklug-request@aklug.org>
with 'unsubscribe' in the message body.
Received on Mon May 2 20:50:37 2011
This archive was generated by hypermail 2.1.8 : Mon May 02 2011 - 20:50:37 AKDT