On 9 July 2013 14:24, Florian Pritz <bluewind@xinu.at> wrote:
On 09.07.2013 12:13, M Saunders wrote:
I'm still left wondering though: who uses it on production servers? I mean, the distro's overall simplicity and trimmed-down base installation are plus points here, but surely a rolling release poses problems. After installation you just want security and critical bug fix updates for software, and not major version bumps, right?
I've seen at least 2 or 3 kernel exploits that were mitigated by newer kernel versions (which we had, debian didn't). Obviously there have been other issues which could only be exploited in more recent kernel versions which didn't affect debian.
Then there are those issues where there is a patch but no new release so it might not get fixed in arch until the next release (no security team nor policy for such patches).
In terms of updating breakage it doesn't matter what you use, updating will eventually result in breakage, but if you know the system well enough you will have a much easier time fixing it.
I had a case where a few debian servers got upgraded after something like 1.5 years and spamassassin suddenly used a lot more resources. Since basically every package jumped lots of versions finding the package responsible for that was kind of impossible so they just bought a bunch more servers to deal with the higher load.
On arch you could probably narrow it down and fix the software. Might not be cheaper and might not be what you want (cool new feature causing the issue maybe), but at least you aren't left in the dark.
I'm not sure if either distro is more time intensive, I think you will just spend your time differently. Also investing time in anything will result in knowledge so I'm not sure if that's a bad thing.
If you don't know what you are doing, don't run a server with arch. But then you shouldn't be running a server in that case anyway. As Allan once said: "If you have to ask, then no".
I'd say neither solution (rolling-release vs "stable and secure") is better, they are just different. Get to know your tool (distro) and decide for yourself.
I have ran (home) servers on both Arch Linux and Debian, and found that the Arch Linux ones require more work to keep it up to date, but offer way more software (and closer to upstream). Stability is not garantueed however, and you are responsible for keeping each and every feature working. Debian, on the other hand, is more stable out of the box and requires less updating. Its software is nowhere near upstream, though. For example systemd (if you don't opt for the default outdated sysvinit) is still at version 88, missing a lot of crucial functionality from the later versions. Arch can be used as a server distro, but if you prefer low maintenance, use something else.