User: Password:
|
|
Subscribe / Log in / New account

Fedora and Debian

Fedora and Debian

Posted Apr 8, 2004 12:35 UTC (Thu) by tarvin (subscriber, #4412)
Parent article: Which is the best distribution?

About Fedora: In my experience, Fedora Core 1 is a fine and stable release. The incorporation of the "yum" package utility has probably been the most important improvement for me, as it has removed most of the dependency hell which used to be associated with Red Hat Linux. I agree that FC 2 will have to be treated with great caution because it introduces several very invasive changes, and because the reviews of the first two beta releases haven't been very reassuring.

About Debian: Any recommendation of Debian should be accompanied with two warnings, in my opinion:
1) Debian still doesn't make much use of package signatures, as far as I can see. This means that it's uneasy to verify that a package is really a genuine Debian package.
2) Due to the conservative nature of Debian, the support for new hardware is rather poor in Debian (I was recently hit by this on some servers which weren't even that exotic).


(Log in to post comments)

Fedora and Debian

Posted Apr 9, 2004 15:18 UTC (Fri) by hazelsct (guest, #3659) [Link]

Package signatures are not practical in a distributed project like Debian: they would require that all users get the entire Debian maintainer keyring in order to verify packages. The system of checksums and signed Release files is equally secure, though as you say, not "easy" (yet).

Fedora and Debian

Posted Apr 9, 2004 21:48 UTC (Fri) by EricBackus (guest, #2816) [Link]

> Package signatures are not practical in a distributed
> project like Debian: they would require that all users
> get the entire Debian maintainer keyring in order to
> verify packages.

First of all, if Debian were so inclined, it could make it easy to get and verify the entire Debian maintainer keyring.

Second of all, the right solution would probably involve having a Debian Signer person (or group of people?) that signs packages, so end users need only verify against that one signature. The Debian Signer would of course have to be able to verify signatures from any Debian maintainer.

Third of all, even if making this work is difficult (which it shouldn't be), that's not a good enough excuse. Signed packages are *important*. Given that other distributions do this transparently and Debian doesn't, I really don't understand why anyone uses Debian at all.

Fedora and Debian

Posted Apr 15, 2004 17:24 UTC (Thu) by coolian (guest, #14818) [Link]

"Third of all, even if making this work is difficult (which it shouldn't be), that's not a good enough excuse. Signed packages are *important*. Given that other distributions do this transparently and Debian doesn't, I really don't understand why anyone uses Debian at all."

That is the most retarded conclusion I have ever heard. Maybe you should get a blood test done and see if you have a 23rd chromosome issue.


Copyright © 2017, Eklektix, Inc.
Comments and public postings are copyrighted by their creators.
Linux is a registered trademark of Linus Torvalds