<html xmlns:o="urn:schemas-microsoft-com:office:office" xmlns:v="urn:schemas-microsoft-com:vml" xmlns:w="urn:schemas-microsoft-com:office:word" xmlns:m="http://schemas.microsoft.com/office/2004/12/omml" xmlns="http://www.w3.org/TR/REC-html40">
<head>
<!-- Template generated by Exclaimer Mail Disclaimers on 03:05:35 Thursday, 6 March 2014 -->
<meta http-equiv="Content-Type" content="text/html; charset=utf-8">
<style type="text/css">P.f758a8b8-08bf-4bab-8d22-45dba9e71175 {
        MARGIN: 0cm 0cm 0pt
}
LI.f758a8b8-08bf-4bab-8d22-45dba9e71175 {
        MARGIN: 0cm 0cm 0pt
}
DIV.f758a8b8-08bf-4bab-8d22-45dba9e71175 {
        MARGIN: 0cm 0cm 0pt
}
TABLE.f758a8b8-08bf-4bab-8d22-45dba9e71175Table {
        MARGIN: 0cm 0cm 0pt
}
DIV.Section1 {
        page: Section1
}
</style>
<meta name="Generator" content="Microsoft Word 14 (filtered medium)">
<style><!--
/* Font Definitions */
@font-face
        {font-family:Calibri;
        panose-1:2 15 5 2 2 2 4 3 2 4;}
@font-face
        {font-family:Tahoma;
        panose-1:2 11 6 4 3 5 4 4 2 4;}
/* Style Definitions */
p.MsoNormal, li.MsoNormal, div.MsoNormal
        {margin:0in;
        margin-bottom:.0001pt;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
a:link, span.MsoHyperlink
        {mso-style-priority:99;
        color:blue;
        text-decoration:underline;}
a:visited, span.MsoHyperlinkFollowed
        {mso-style-priority:99;
        color:purple;
        text-decoration:underline;}
p
        {mso-style-priority:99;
        mso-margin-top-alt:auto;
        margin-right:0in;
        mso-margin-bottom-alt:auto;
        margin-left:0in;
        font-size:12.0pt;
        font-family:"Times New Roman","serif";}
p.MsoAcetate, li.MsoAcetate, div.MsoAcetate
        {mso-style-priority:99;
        mso-style-link:"Balloon Text Char";
        margin:0in;
        margin-bottom:.0001pt;
        font-size:8.0pt;
        font-family:"Tahoma","sans-serif";}
span.BalloonTextChar
        {mso-style-name:"Balloon Text Char";
        mso-style-priority:99;
        mso-style-link:"Balloon Text";
        font-family:"Tahoma","sans-serif";}
span.EmailStyle20
        {mso-style-type:personal-reply;
        font-family:"Calibri","sans-serif";
        color:#1F497D;}
.MsoChpDefault
        {mso-style-type:export-only;}
@page WordSection1
        {size:8.5in 11.0in;
        margin:1.0in 1.0in 1.0in 1.0in;}
div.WordSection1
        {page:WordSection1;}
--></style><!--[if gte mso 9]><xml>
<o:shapedefaults v:ext="edit" spidmax="1026" />
</xml><![endif]--><!--[if gte mso 9]><xml>
<o:shapelayout v:ext="edit">
<o:idmap v:ext="edit" data="1" />
</o:shapelayout></xml><![endif]-->
</head>
<body lang="EN-US" link="blue" vlink="purple">
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"></p>
<div class="WordSection1">
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">In the past they had specific quotes on their site telling you not to use Fedora for Production. They seem to have gotten rid of that but this link:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><a href="http://fedoraproject.org/wiki/Objectives">http://fedoraproject.org/wiki/Objectives</a><o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Says in part:<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">“Objectives Outside of the Fedora Project<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">The Fedora Project is not interested in a slow rate of change between releases, but rather to be innovative. We do not offer a long-term release cycle because
it diverts attention away from innovation. For those community members who desire a long-term release cycle, there are derived distributions that satisfy this requirement. For community members who require a business-class support model beyond community maintenance,
we recommend Red Hat Enterprise Linux. Our center of innovation and fastest rate of change is in our development branch.”<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">It also in other areas mentions the short life time saying that essentially they do a new release every 6 months and typically only maintain 2 releases back.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">There are different philosophies on the ways to maintain things. Most enterprises live with applications far longer than the year offered by such an aggressive
release cycle. The fact that Fedora and other distros exist despite that is an indication that not everyone feels the need to go that route. However, if you work in organizations such as I have you find you’re often using legacy products that simply don’t
work on newer versions of things and/or are not supported by their vendors on those things. (In fact I just recently spoke to IBM about one of their Products we were running on HP-UX 11.11 and the “updated” version still only runs on HP-UX 11.11 on PA-RISC
even though HP quit making PA-RISC at the end of 2009 and had EOLed 11.11 long before that.)<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I’m sure the next post will be telling me I should be the tail that wags the dog and force the company to abandon the product (which in the IBM case we luckily
ARE doing) but that is not realistic in most organizations. Most companies do NOT exist to run IT – they run IT to help their existence so business considerations outweigh technology considerations almost always.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">By the way – the easier more obvious solution the security scanning issue I mentioned is simply to turn off the portion of the application that reports its
version. As I said the scanning software is brain dead so it seldom checks to see if you are ACTUALLY vulnerable – it just checks versions and if it can’t find one it ASSUMES you are NOT vulnerable.<o:p></o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><o:p> </o:p></span></p>
<p class="MsoNormal"><b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif"">From:</span></b><span style="font-size:10.0pt;font-family:"Tahoma","sans-serif""> ale-bounces@ale.org [mailto:ale-bounces@ale.org]
<b>On Behalf Of </b>Jim Kinney<br>
<b>Sent:</b> Thursday, March 06, 2014 2:29 PM<br>
<b>To:</b> Atlanta Linux Enthusiasts<br>
<b>Subject:</b> Re: [ale] NanoPC<o:p></o:p></span></p>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
<div>
<p class="MsoNormal" style="margin-bottom:12.0pt"><o:p> </o:p></p>
<div>
<p class="MsoNormal">On Thu, Mar 6, 2014 at 1:35 PM, Lightner, Jeff <<a href="mailto:JLightner@dsservices.com" target="_blank">JLightner@dsservices.com</a>> wrote:<o:p></o:p></p>
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">I was being facetious with the Fedora comment.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Fedora is bleeding edge and they tell you NOT to use it for Production as most releases are not supported
for more than a year. You’d be constantly upgrading and probably breaking Production.</span><o:p></o:p></p>
</div>
</div>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">Fedora doesn't say "don't use our stuff". That seems to be a management line :-) I have more issues with ancient crap lying around only getting security fixes (RHEL4) or bug and security fixes (RHEL5) than still getting new hardware patches
as well as bug and security fixes (RHEL6). I ran fedora as public facing servers for years because it was where the best and most current security tools were found. Selinux in RHEL is 2-3 years behind. The long support releases like RHEL are for business who
never, EVER upgrade anything and are relying on 10+ year old applications for their core business that are not under active development. I get the allure but no code is perfect and it ALL requires updates over time (except the software that ran the space shuttle
- only 7 mistakes in 20+ years of use. Not bugs or crashes. Mistakes. As in all the processes were proven mathematically before coding began. there were 7 mistakes in implementation. NO errors, failures, bugs or crashes ever!).<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"><br>
It is however used as a test bed for what ends up in RHEL eventually.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">RHEL is a bit different from other distros as it focuses on stability by NOT updating every package
to the latest upstream version over time. Instead it starts with a given upstream version of a package then backports bug and security fixes into their version to help insure you’re not suddenly not changing underlying tools used by your static applications.
For most businesses this stability is an important consideration which is probably why it is so successful.</span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">We have the same issues with developers often saying “hey install the latest php” and having to explain
to them we won’t do that if it isn’t provided in the standard RHEL repositories.</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">No matter how I look at it, php makes my skin crawl and will for a long time to come. The combination of php and mysql just screams "coding by kids with no understanding of good practices". Just because it's easy doesn't mean it's any
good.<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><o:p></o:p></p>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D">Another issue we see is most security scanning tools are brain dead and will flag properly patched
RHEL versions of software as being vulnerable because they only look at the base upstream version and ignore the extended versioning RHEL puts its backported updates that address the same CVEs they’re flagging.</span><o:p></o:p></p>
</div>
</div>
</blockquote>
<div>
<p class="MsoNormal"><o:p> </o:p></p>
</div>
<div>
<p class="MsoNormal">ARGH!!! Very frustrating! Only solution is to use tools that are designed to work with the distro in use. Might as well run a windows scanner on a RHEL box for all the good that's doing.
<o:p></o:p></p>
</div>
<blockquote style="border:none;border-left:solid #CCCCCC 1.0pt;padding:0in 0in 0in 6.0pt;margin-left:4.8pt;margin-right:0in">
<div>
<div>
<p class="MsoNormal" style="mso-margin-top-alt:auto;mso-margin-bottom-alt:auto"><span style="font-size:11.0pt;font-family:"Calibri","sans-serif";color:#1F497D"> </span><span style="color:#1F497D"><o:p></o:p></span></p>
</div>
</div>
</blockquote>
</div>
</div>
</div>
</div>
<p></p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"> </p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"> </p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"></p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><font face="Arial"><font color="fuchsia"><font style="FONT-FAMILY: Arial; FONT-SIZE: 10pt" size="2"></font></font></font> </p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"> </p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><font face="Arial"><font color="fuchsia"><font style="FONT-FAMILY: Arial; FONT-SIZE: 10pt" size="2">Athena<font size="1">®</font>, Created for the Cause</font><font size="1">™
</font></font></font></p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><font size="2" face="Arial">Making a Difference in the Fight Against Breast Cancer</font></p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><font size="2" face="Arial"></font> </p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><font size="2" face="Arial"></font> </p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><font face="Arial"><font size="2"><strong>How and Why I Should Support Bottled Water!<br>
</strong>Do not relinquish your right to choose bottled water as a healthy alternative to beverages that contain sugar, calories, etc. Your support of bottled water will make a difference! Your signatures count! Go to
<a href="http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters">http://www.bottledwatermatters.org/luv-bottledwater-iframe/dswaters</a> and sign a petition to support your right to always choose bottled water. Help fight federal and state issues,
such as bottle deposits (or taxes) and organizations that want to ban the sale of bottled water. Support community curbside recycling programs. Support bottled water as a healthy way to maintain proper hydration. Our goal is 50,000 signatures. Share this petition
with your friends and family today!</font></font></p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><font size="2" face="Arial"></font> </p>
<p class="f758a8b8-08bf-4bab-8d22-45dba9e71175"><span style="FONT-FAMILY: Arial; FONT-SIZE: 10pt">---------------------------------<br>
CONFIDENTIALITY NOTICE: This e-mail may contain privileged or confidential information and is for the sole use of the intended recipient(s). If you are not the intended recipient, any disclosure, copying, distribution, or use of the contents of this information
is prohibited and may be unlawful. If you have received this electronic transmission in error, please reply immediately to the sender that you have received the message in error, and delete it. Thank you.<br>
----------------------------------</span><span style="FONT-FAMILY: 'Courier New'; FONT-SIZE: 9pt"><o:p></o:p></span></p>
<p> </p>
<p></p>
<p></p>
</body>
</html>