On Tue, Mar 21, 2006 at 11:33:47AM +0100, Felix Schwarz wrote:
> Henrik Krohns wrote:
> > Maybe this is a bit offtopic, but why does everyone insist on using RPM/DEB
> > whatever packages for everything?
> > In my humble opinion, amavisd-new/spamassassin is much easier to handle when
> > you compile own perl instance to /usr/local/perl. You can update it or your
> > system as much as you want, and you know they wont break each other. I've
> > never had any problems this way.
> For me it is /way/ faster using "yum install" (including dependency
> resolution!) than installing everything by hand.
Good for you, for many it doesn't seem to be that easy.
> Second, upgrading is easier (yum update) if the packager did his/her
> job well. And since most packagers know the software much better than
> I do (which is the case for 99,9% of all programs), they will prevent
> me from doing anything bad.
Thats a bit of a stretch. You need to know the software to do your job
properly. I could never trust packagers decisions on essential packages,
there might be configs or compile options I do not want.
> I don't have to monitor all the lists to be notified when a security hole
> appears, I just do regular "yum update"s.
I think I would not hire anyone for security position, who didn't want to
know about current security issues..
> Third, when using CentOS/RHEL I get security updates for several years
> (RHEL: 7 years). Just being able to update my system in order to be
> "secure" saves so much time! Of course this is point is not valid for
> software from repositories such as DAG, Dries etc. as they don't have
> the resources to backport all fixes and do thorough quality
> assurance but I can stay with my version of Perl for example.
> Using RPMs as much as possible means that I only have to care about
> five custom software packages for my servers (custom Exim, DSPAM,
> Bacula with special options, my own web application and soon
> amavisd-new because I need DSPAM-integration).
Come on, like you would have to compile perl every week to be secure. :)
Naturally it is easy to update BASE system with packaging, I do it too.
Problem here was perl/amavisd-new and module dependencies. How many times
people have complained here when some system update broke them?
> And even this software is packaged with RPM as this eases quality
> assurance for me (the version/configuration installed on the servers
> is the same as I had on my test system - less possibilities to forgot
> one or two commands which may cause errors later).
So build RPM from your custom build perl/amavisd-new..