[arch-general] Arch Linux on servers?

Karol Babioch karol at babioch.de
Wed Jul 10 10:19:42 EDT 2013


Am 10.07.2013 13:59, schrieb Sébastien Luttringer:
> 7) Security
> Debian is not more secure because their softwares are old. It's a lie.
> Check the number of open flaw in the security bug tracker[10].
> If you want to be in a secure environment stay up-to-date, don't use
> debian stable, use debian sid. So Archlinux is a good alternative.

Nevertheless they have a policy as well as a team dedicated to these
issues in place. Coming along with this is a well accredited mailing
list informing you about current issues. Other "server distros" such as
RHEL (and/or centos) have something very similar.

As already pointed out Arch might not push all minor security releases
into the official repositories. Especially in case of a new major kernel
release, minor versions didn't always make it into the repositories in
the past. I can totally live with this on my PC, but on a server I
expect a little bit more on this front.

I don't think that you can seriously consider something to be a "server
distro" without a dedicated security policy and/or team, which will
follow the known databases and/or mailing lists making absolutely sure
that any security patches make it into the appropriate packages.

One reason we all love Arch is because it doesn't heavily patch any
packages. Therefore I'm not sure whether it is suited as a "server
distro" at all.

That said I'm using it myself on a couple of servers. However they are
not publicly accessible, but are only serving their local networks. As
pointed out the experience is a little bit different compared to
"conservative" distributions like Debian, but not necessarily worse.
There were updates in the past that broke a few things here and there,
but generally speaking updates work just fine. And when upgrading
packages to new versions, you will always run into problems. With Arch
you can tackle them one by one, whereas with Debian and its derivatives
you have to tackle them all at once with the next "dist-upgrade".

Best regards,
Karol Babioch

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 901 bytes
Desc: OpenPGP digital signature
URL: <http://mailman.archlinux.org/pipermail/arch-general/attachments/20130710/f216d815/attachment.asc>

More information about the arch-general mailing list