[ale] How do people deal with RHEL?

scott mcbrien smcbrien at gmail.com
Thu Mar 24 12:47:55 EDT 2011 

James,

As others point out, you're missing some really needed information,
such as what version of RHEL you're using.  Since you're using
up2date, I'm guessing not RHEL5 or 6.  But more importantly, while I
can understand your frustration moving from another, faster moving
distribution, you're missing the point of a distro like RHEL.

Let me precede this with a caveat about bias.  I'm a Red Hat guy,
since the very early days, and still use RHEL and Fedora, almost
exclusively.

But RHEL is an Enterprise distro, hence the E in RHEL.  It's targeted
towards customers who don't like change, so if you're using RHEL5, Red
Hat selected those packages prior to March 2007, if you're using
RHEL4, your distro was created prior to February 2005.  One of the
tenants of RHEL is that things DON'T/CAN'T change.  So if you're on
RHEL4, you're using the 2.6.9 kernel.  And until RHEL4 is end of
lifed, you're always going to be using kernel 2.6.9.  The same holds
true for your applications, libraries, programming languages, the
whole kit and caboodle.  So my first question is, was there even ntop
in February 2005?  If not, then it wasn't even a candidate for
inclusion.  Is ntop stable, and does it have an active development
community, because if not, either Red Hat will have to do a bunch of
backporting to maintain it, or will have to do engineering on their
own to fix things that the community isn't taking care of.  Neither of
these situations is desirable.

Beyond the age of software you might be using on your RHEL box,
there's also the selection of software.  Red Hat "Supports every bit
we ship", which means if Red Hat puts it in the RHEL distro, they're
obligated to answer questions and help people with it.  So if ntop is
available, is it a package that enough customers use that Red Hat
would feel remiss about not including it, AND, does Red Hat have the
expertise in their support and engineering organizations to support
this application?

Lastly, there are a bunch of other criteria, like does this require
kernel hooks or modifications, how does it play with other utilities,
are there conflicts with other utilities.  If any of those criteria
are deemed show stoppers, then it doesn't get included.

So, what if there's a piece of software you want and it's not in RHEL?
 Like someone else pointed out, there's EPEL.  EPEL is the Extra
Packages for Enterprise Linux yum repository.  It's maintained by the
Fedora community.  It turns out a lot of Fedora users also end up
using RHEL.  So there's a group of them that compile packages that are
in Fedora, but aren't in RHEL, for RHEL.  *** Because these package
are maintained by the Fedora Community, they are not supported by Red
Hat. ***  To get your package into EPEL, you have to be vetted, you
have to maintain it, and it has to be a supplement to the packages
that are already included in RHEL.  What I mean by that last bit is
that your package can't require a newer version or replacement of a
package that _is_ supplied by Red Hat.  That's not the case for some
of the other RHEL 3rd party repos like RPMFusion.

All this stuff means that if you have a PHP based application that you
put on RHEL5 and rolled out to production, in March 2014, that
application is still working because the PHP that came with RHEL5 is
the same.  And if for some reason you suspect that something has
changed, you call up Red Hat and start working a support ticket with
them to get it resolved.

Stability, Supportability, Static are the mantras of RHEL.

Ok, so James, you're obviously used to a faster moving distro, and
likely compiling your own software and stuff for it.  RESIST THAT URGE
on RHEL.  As a systems administrator, I often have people come up and
say "I need a newer version of php for my application to work, can you
put it on the system?"  NO.  If I were to do that, then in the future,
if I have an issue with apache and php, I call Red Hat and they tell
me that my version of PHP is not supported, and that I should use the
supported version, reproduce the problem and then they'd be happy to
help me.  But of course I can't do that because the app that is having
the problem only works with the newer PHP, so ...

Another common situation, for those of us who do credit card
processing, is that we get scanned by utilities like nessus.  The
person running the scan comes running in "ZOMG YOU'RE RUNNING APACHE
2.2.3, ZOMG ZOMG ZOMG HAXX! YOU HAVE TO UPGRADE NOW!!!!!"  No. No I
don't.  Red Hat has been backporting stuff from the upstream apache
into the 2.2.3 version that is supported on RHEL5.  In fact, if we
look at the changelog 'rpm -q --changelog httpd' you'll see that Red
Hat calls out the CVE numbers of every vunerability that has been
updated and fixed in this version, all the way back to apache's first
inclusion with the distro.  So auditor person, please send me the CVEs
you're concerned about, and I can verify that they've been fixed
without upgrading to a NON-SUPPORTED version of this software.

A long response, but I hope that helps your BLARG!!!!!! post.

-Scott

On Thu, Mar 24, 2011 at 10:51 AM, James Sumners <james.sumners at gmail.com> wrote:
> I mean really, this stupid distribution doesn't even include useful tools:
>
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
> $ sudo up2date ntop
>
> Fetching Obsoletes list for channel: rhel-i386-es-4...
> ########################################
>
> Fetching rpm headers...
> ########################################
>
> Name                                    Version              Rel
>        Arch
> ----------------------------------------------------------------------------------------
>
>
> The following packages you requested were not found:
> ntop
> ~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
>
> --
> James Sumners
> http://james.roomfullofmirrors.com/
>
> "All governments suffer a recurring problem: Power attracts
> pathological personalities. It is not that power corrupts but that it
> is magnetic to the corruptible. Such people have a tendency to become
> drunk on violence, a condition to which they are quickly addicted."
>
> Missionaria Protectiva, Text QIV (decto)
> CH:D 59
> _______________________________________________
> Ale mailing list
> Ale at ale.org
> http://mail.ale.org/mailman/listinfo/ale
> See JOBS, ANNOUNCE and SCHOOLS lists at
> http://mail.ale.org/mailman/listinfo
>

More information about the Ale mailing list