[gentoo-user] Re: Good arguments to use Gentoo Linux?

[gentoo-user] Re: Good arguments to use Gentoo Linux?

[Regis Decamps]

qfpvajdy wrote:
> Hello,
> 
> 
> 
> I would like to convince my boss and my collegues to use Gentoo GNU/Linux at the company office for the desktop system (and maybe one day also for servers).
> 
> Currently everybody uses its own Linux/Unix system, but soon we could be forced to uses for everybody only one system.
> 
> I must probably convince the people to use Gentoo Linux against RedHat Scientific Linux and FreeBSD.
> 
> 
> 
> Does somebody has some good key arguments?
> 
> 

No: I use Gentoo at home but could not imagine a place at my company.

Gentoo requires a real internet connection when we are behind a 
restricted proxy

Gentoo requires a lot of administration. For instance: etc-update 
(dispatch-conf) needs to be run after a package upgrade

Gentoo takes time with compilation and requires fine tuning for things 
to work when we just a standard works-for-everybody application.

Gentoo is not appropriate for my company. Mandriva or Suse would be 
better choices.


> 
> The mines are:
> 
> - newests packages with newests security updates, encryption support and full integreated KDE desktop to be used in office without problems
> 

like any "desktop oriented" distribution. Red Hat, Suse and Mandriva, 
Ubuntu offer the same.

> - high performance desktop

Why do you compare only these three OS? Why is freebsd in this list?

higher than the other Desktop distros?

In my opinion, Gentoo is not appropriate for most companies. Now it 
depends... What are your criteria?

- support? Gentoo has a great community, but so do ubuntu or Mandriva. 
But Mandriva, Suse and red Hat offer paid support, ie someone to blame 
whan things don't work
- configuration? Do you need fine configuration (gentoo wins)?
- easyness or "put hands in the dirt"?
- cost of maintenance (I really doubt Gentoo wins)

-- 
Régis

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Daniel da Veiga]

On 1/22/07, Regis Decamps <decamps@users.sf.net> wrote:
> qfpvajdy wrote:
> > Hello,
> >
> >
> >
> > I would like to convince my boss and my collegues to use Gentoo GNU/Linux at the company office for the desktop system (and maybe one day also for servers).
> >
> > Currently everybody uses its own Linux/Unix system, but soon we could be forced to uses for everybody only one system.
> >
> > I must probably convince the people to use Gentoo Linux against RedHat Scientific Linux and FreeBSD.
> >
> >
> >
> > Does somebody has some good key arguments?
> >
> >
>
> No: I use Gentoo at home but could not imagine a place at my company.
>
> Gentoo requires a real internet connection when we are behind a
> restricted proxy

We are behind a restricted proxy in a secure environment at a govern
building, and yet I have a couple of servers and desktops running
Gentoo flawlessly for about an year.

>
> Gentoo requires a lot of administration. For instance: etc-update
> (dispatch-conf) needs to be run after a package upgrade

Only if you upgrade frequently, for ordinary use, you'll install and
upgrade specific packages, most do not require any intervention, while
when you decide to do a major upgrade you won't need a release CD with
lots of stuff you don't need, while burning your configs in the
upgrade process, besides you won't need to know the twelve packages
that will need upgrade to let you use the new/upgraded application.

>
> Gentoo takes time with compilation and requires fine tuning for things
> to work when we just a standard works-for-everybody application.

Time with compilation in a distributed environment with binary
packages is almost zero, if you want to, the fact is that Gentoo
serves ANY application, you just have to configure it ONCE and it's
ready for almost any environment. A bit of inicial tunning saves time
in a dozen later installs/upgrades.

>
> Gentoo is not appropriate for my company. Mandriva or Suse would be
> better choices.
>

For the above reasons, you should reconsider...

>
> >
> > The mines are:
> >
> > - newests packages with newests security updates, encryption support and full integreated KDE desktop to be used in office without problems
> >
>
> like any "desktop oriented" distribution. Red Hat, Suse and Mandriva,
> Ubuntu offer the same.

In fact, they don't, they offer releases, else you will have to use
their package management system to upgrade, and portage is the only
one who has never crashed on me beyond repair.

>
> > - high performance desktop
>
> Why do you compare only these three OS? Why is freebsd in this list?
>
> higher than the other Desktop distros?

I totally agree with that...

>
> In my opinion, Gentoo is not appropriate for most companies. Now it
> depends... What are your criteria?
>
> - support? Gentoo has a great community, but so do ubuntu or Mandriva.
> But Mandriva, Suse and red Hat offer paid support, ie someone to blame
> whan things don't work

You can buy support for Gentoo from any company that offers it, the
same as you can with almost any other distro...

> - configuration? Do you need fine configuration (gentoo wins)?

Easy configuration is better than fine, etc protection, rc-update,
portage itself, they're all systems that you can use to
distribute/automate configuration...

> - easyness or "put hands in the dirt"?

Gentoo is easy, you just have to get used to it, just like every other
distro out there...

> - cost of maintenance (I really doubt Gentoo wins)

It depends on the staff you have and/or the support you bought. Gentoo
has proven to be cheap and reliable.

-- 
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Eric Bohn]

In the US, I'm almost certain you wouldn't be able to get away with running Gentoo, and more specifically, Portage, the way you apparently do in a secure govt environment.  There's probably a federal directive or regulation somewhere that prevents machines being run in govt organizations from using non-standard or officially unapproved technology and/or procedures, and for good reason...

I've had Portage hose my Gentoo install twice before to the point that I could no longer run Portage, and I run stable, not testing.  Using Portage you're putting yourself at the mercy of any Joe Schmoe with a proxy connection to a Gentoo server that wants to compromise your machine.  Even most commercial organizations, for job critical computing, have administrators that establish mirror servers for software testing prior to internal distribution.

It didn't sound like the OP was intending for anyone to do sys admin tasks with Gentoo either, I imagine that could prove to be risky using any Linux distro.


 
____________________________________________________________________________________
We won't tell. Get more on shows you hate to love 
(and love to hate): Yahoo! TV's Guilty Pleasures list.
http://tv.yahoo.com/collections/265 

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Daniel da Veiga]

On 1/22/07, Eric Bohn <bsee_1991@yahoo.com> wrote:
> In the US, I'm almost certain you wouldn't be able to get away with running Gentoo, and more specifically, Portage, the way you apparently do in a secure govt environment.  There's probably a federal directive or regulation somewhere that prevents machines being run in govt organizations from using non-standard or officially unapproved technology and/or procedures, and for good reason...
>

I know of many universities, not only from Brazil, but around the
world, that use Gentoo. There are many security features in portage,
and I believe Gentoo servers and mirrors have some security also, else
it would be too easy to compromise thousands of installations around
the world, and no cracker would miss this opportunity.

Non-standard and officially unapproved technology sounds more like
"put someone in control of all tech used in the public sector of IT",
more like antitrust than standardizing.

> I've had Portage hose my Gentoo install twice before to the point that I could no longer run Portage, and I run stable, not testing.  Using Portage you're putting yourself at the mercy of any Joe Schmoe with a proxy connection to a Gentoo server that wants to compromise your machine.  Even most commercial organizations, for job critical computing, have administrators that establish mirror servers for software testing prior to internal distribution.
>

As I mentioned before, I don't think we are at the mercy of any
cracker around by using Gentoo. Of course some level of security would
be needed, any OS requires that, but lets not hijack this thread, as
the OP was talking about DESKTOP installations.

> It didn't sound like the OP was intending for anyone to do sys admin tasks with Gentoo either, I imagine that could prove to be risky using any Linux distro.
>

Yeah, that's one more reason for a Gentoo install. And just for the
record, ANY OS needs sys admin tasks once in a while, if not for
initial install, because of breakage, and believe me, I had my quota
of breakage before using Gentoo.

-- 
Daniel da Veiga
Computer Operator - RS - Brazil
-----BEGIN GEEK CODE BLOCK-----
Version: 3.1
GCM/IT/P/O d-? s:- a? C++$ UBLA++ P+ L++ E--- W+++$ N o+ K- w O M- V-
PS PE Y PGP- t+ 5 X+++ R+* tv b+ DI+++ D+ G+ e h+ r+ y++
------END GEEK CODE BLOCK------
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Dale]

Daniel da Veiga wrote:
> On 1/22/07, Eric Bohn <bsee_1991@yahoo.com> wrote:
>> In the US, I'm almost certain you wouldn't be able to get away with
>> running Gentoo, and more specifically, Portage, the way you
>> apparently do in a secure govt environment.  There's probably a
>> federal directive or regulation somewhere that prevents machines
>> being run in govt organizations from using non-standard or officially
>> unapproved technology and/or procedures, and for good reason...
>>
>
> I know of many universities, not only from Brazil, but around the
> world, that use Gentoo. There are many security features in portage,
> and I believe Gentoo servers and mirrors have some security also, else
> it would be too easy to compromise thousands of installations around
> the world, and no cracker would miss this opportunity.
>
> Non-standard and officially unapproved technology sounds more like
> "put someone in control of all tech used in the public sector of IT",
> more like antitrust than standardizing.
>
>> I've had Portage hose my Gentoo install twice before to the point
>> that I could no longer run Portage, and I run stable, not testing. 
>> Using Portage you're putting yourself at the mercy of any Joe Schmoe
>> with a proxy connection to a Gentoo server that wants to compromise
>> your machine.  Even most commercial organizations, for job critical
>> computing, have administrators that establish mirror servers for
>> software testing prior to internal distribution.
>>
>
> As I mentioned before, I don't think we are at the mercy of any
> cracker around by using Gentoo. Of course some level of security would
> be needed, any OS requires that, but lets not hijack this thread, as
> the OP was talking about DESKTOP installations.
>
>> It didn't sound like the OP was intending for anyone to do sys admin
>> tasks with Gentoo either, I imagine that could prove to be risky
>> using any Linux distro.
>>
>
> Yeah, that's one more reason for a Gentoo install. And just for the
> record, ANY OS needs sys admin tasks once in a while, if not for
> initial install, because of breakage, and believe me, I had my quota
> of breakage before using Gentoo.
>

As someone who started out using Mandrake, I have to say that using
Gentoo has been a LOT easier.  Yea, I had to learn how to use Gentoo and
it is different from Mandrake by far but it is a whole lot easier to
manage.  I have been using Gentoo for about 2 or 3 years for my desktop
and I would not consider switching to any other distro.  I spend a lot
less time messing with my Gentoo install that I did Mandrake.  The
upgrade process with Mandrake was . . . . a disaster.  From what I
understand Redhat and Mandrake are pretty close.  I certainly wouldn't
switch to Redhat then.

As for security, I have had several times that my internet connection
was messed up and the md5 sums didn't match.  Portage didn't hesitate to
delete those puppies and let me know that something was changed.  It
would seem to me that it would be difficult for someone to change the
source code on one server then change the other files on the rsync
server so they both match up. 

Well, that my $0.02 worth.  Some of what is being said just doesn't make
sense to me at all.  Gentoo is a lot better than some distros.  It
certainly beats windoze.

Dale

:-)  :-)  :-)

-- 
www.myspace.com/dalek1967

-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Martins]

On Tuesday 23 January 2007 11:19, Dale wrote:
> Daniel da Veiga wrote:
>
> As someone who started out using Mandrake, I have to say that using
> Gentoo has been a LOT easier.  Yea, I had to learn how to use Gentoo and
> it is different from Mandrake by far but it is a whole lot easier to
> manage.  I have been using Gentoo for about 2 or 3 years for my desktop
> and I would not consider switching to any other distro.  I spend a lot
> less time messing with my Gentoo install that I did Mandrake.  The
> upgrade process with Mandrake was . . . . a disaster.  From what I
> understand Redhat and Mandrake are pretty close.  I certainly wouldn't
> switch to Redhat then.
>
> As for security, I have had several times that my internet connection
> was messed up and the md5 sums didn't match.  Portage didn't hesitate to
> delete those puppies and let me know that something was changed.  It
> would seem to me that it would be difficult for someone to change the
> source code on one server then change the other files on the rsync
> server so they both match up.
>
> Well, that my $0.02 worth.  Some of what is being said just doesn't make
> sense to me at all.  Gentoo is a lot better than some distros.  It
> certainly beats windoze.
>
> Dale

I can add to this, my first distro was Mandrake too. It was pain to build 
something from source, gather all the dependencies just because they dont 
provide such binaries. Gentoo has huge collection of software to choose from 
and all overlys ...

Martins
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Mark Kirkwood]

Dale wrote:

> 
> As someone who started out using Mandrake, I have to say that using
> Gentoo has been a LOT easier.  Yea, I had to learn how to use Gentoo and
> it is different from Mandrake by far but it is a whole lot easier to
> manage.  I have been using Gentoo for about 2 or 3 years for my desktop
> and I would not consider switching to any other distro.  I spend a lot
> less time messing with my Gentoo install that I did Mandrake.  The
> upgrade process with Mandrake was . . . . a disaster.  From what I
> understand Redhat and Mandrake are pretty close.  I certainly wouldn't
> switch to Redhat then.
> 
> As for security, I have had several times that my internet connection
> was messed up and the md5 sums didn't match.  Portage didn't hesitate to
> delete those puppies and let me know that something was changed.  It
> would seem to me that it would be difficult for someone to change the
> source code on one server then change the other files on the rsync
> server so they both match up. 
> 
> Well, that my $0.02 worth.  Some of what is being said just doesn't make
> sense to me at all.  Gentoo is a lot better than some distros.  It
> certainly beats windoze.

Gotta second that - I have used Mandrake and Redhat, and Gentoo is such 
a better way - *once* you spend the time to understand why it is like it is!

As for comments about portage sync etc producing destroyed|mangled|buggy 
systems - well *any* update system can do that from time to time (ask 
windows update users after xp sp2 came out...) A sane test-before-deploy 
plan is essential for any large scale environment - ISTM that this is 
just as straightforard in Gentoo as any other Linux distro....

So, I see no reason why ya can't use Gentoo in a corporate environment!

Cheers

Mark
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Neil Bothwick]

[-- Attachment #1: Type: text/plain, Size: 719 bytes --]

On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote:

> Using Portage you're putting yourself at the mercy of any Joe Schmoe
> with a proxy connection to a Gentoo server that wants to compromise
> your machine.

How so? They'd have to get a compromised source tarball on the distfiles
mirrors and a hacked ebuild into the CVS tree. Getting a hacked ebuild
on the servers isn't enough, it would be replaced in no more than fifteen
minutes.

Why is this easier than getting a compromised RPM onto a Red Hat or SUSE
server?


-- 
Neil Bothwick

I heard someone tried the monkeys-on-typewriters bit trying for the plays
of W. Shakespeare but all they got was the collected works of Francis
Bacon

[-- Attachment #2: signature.asc --]
[-- Type: application/pgp-signature, Size: 189 bytes --]

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Rumen Yotov]

On Tue, 23 Jan 2007 12:07:46 +0000
Neil Bothwick <neil@digimed.co.uk> wrote:

> On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote:
> 
> > Using Portage you're putting yourself at the mercy of any Joe Schmoe
> > with a proxy connection to a Gentoo server that wants to compromise
> > your machine.
> 
> How so? They'd have to get a compromised source tarball on the
> distfiles mirrors and a hacked ebuild into the CVS tree. Getting a
> hacked ebuild on the servers isn't enough, it would be replaced in no
> more than fifteen minutes.
> 
> Why is this easier than getting a compromised RPM onto a Red Hat or
> SUSE server?
> 
> 
Hi Neil,
It'll be the same when the 'new' Manifest2 format is fully implemented.
Haven't checked but you need at least ebuild&eclass GPG-signing, etc.
There was a discussion (on some Gentoo ML, IIRC 'security') a year or
more ago, some very ancient Bug was mentioned.
RPMs are signed (but check this again), BTW debs are too.
The work is going on this, but i've no info about the progress made.
HTH. Rumen
-- 
gentoo-user@gentoo.org mailing list

Re: [gentoo-user] Re: Good arguments to use Gentoo Linux?

[Mick]

[-- Attachment #1: Type: text/plain, Size: 1630 bytes --]

On Tuesday 23 January 2007 12:07, Neil Bothwick wrote:
> On Mon, 22 Jan 2007 18:12:07 -0800 (PST), Eric Bohn wrote:
> > Using Portage you're putting yourself at the mercy of any Joe Schmoe
> > with a proxy connection to a Gentoo server that wants to compromise
> > your machine.
>
> How so? They'd have to get a compromised source tarball on the distfiles
> mirrors and a hacked ebuild into the CVS tree. Getting a hacked ebuild
> on the servers isn't enough, it would be replaced in no more than fifteen
> minutes.
>
> Why is this easier than getting a compromised RPM onto a Red Hat or SUSE
> server?

If you're *really* paranoid rsync twice (with a different mirror each time) 
then diff the package you intend to install to see if there's any suspect 
ebuilds.  Ditto for distfiles.  If in doubt compare gpg/MD5 sums with 
sourceforge, or the package developer's website/ftp server.  Of course, you 
could repeat three times over and see if there's a discrepancy with the diff 
comparison.  I mean, how much time have you available?  If you can script and 
you're managing a critical server for the MOD, or NASA, or what not, then you 
could probably automate the whole process and include random selections of 
servers.

If you go back 2-3 years I remember there was a compromise of some Gentoo 
mirrors and we were all reinstalling afresh.  I can't remember what the 
systemic weakness was, or if/how it was fixed - you may be able to dig 
something up from the Gmane archives.

Some times I feel quite relieved that I only manage a couple of boxen in my 
spare room.  :)
-- 
Regards,
Mick

[-- Attachment #2: Type: application/pgp-signature, Size: 189 bytes --]