[ale] Redhat security updates available on RHN only ?

Thu Aug 15 21:37:19 EDT 2002

Joe,

I don't expect Redhat to download files to my machine at all.

I installed Redhat in much the same way as I intall debian, or
slackware, or any number of other distributions. If Redhat eliminated
updates (free or otherwise) altogether that would be fine with me. My
issue is this - Redhat offers and encourages users to use the up2date
tool to keep their system current. I don't recall ever seeing an option to
choose any mirror. I have seen many discussions regarding perl scripts or
other tools to query rpmfind.net and other sources to get current rpms.
The existence of these conversations lead me to the conclusion that
mirrors are non-existant or have reduced function in some way.

Many developers have donated their time and effort to make Linux a
usable tool that is superior to other OS choices in many ways. I offer
what I can in the way of helping new users and spending time on irc
answering the questions that I am able to assist with. Redhat has
introduced this tool and has not indicated that the software supports
mirrors in any meaningful way (I still haven't seen anything to indicate
that up2date supports mirrors). 

For new users to enjoy the fruits of so
many developers' donated efforts and to be left with the impression that
they must pay Redhat to get updates to these packages is misleading.

I would also challenge your assertion that Redhat does it because they
are nice guys. I believe Redhat does it because it is good business.
They may be nice but few if any experienced Linux users would use a
distribution that charged for a service that is freely available so many
other places. It would be hard to sell support for packages like
Interchange if experienced Linux users were all using other
distributions.

Here are some additional links regarding up2date that I think are
appropriate:

https://lists.dulug.duke.edu/pipermail/current-server/2002-March/000234.html

<snip>

It seems RedHat is being a little odd with the RHN. They yesterday
admitted they won't be open sourcing the RHN server software. Which I
took to mean the RHN Satellite software. It is still unclear if that
includes RHN Proxy, but I think it will be closed source also. Their
reason for this is because it is software used to provide a service. To
me this means, they don't want to give out the software they wrote and
have competition providing RHN like services. Which to me is a sad sad
statement, since RedHat has always bragged about being completely Open
Source. They did also mention their distribution build tools in the same
breathe, another thing they haven't release source to. I also suspect
that since they are using Oracle, and probably have had to tie into
Oracle interface libraries, they might not have a choice in releasing it
Open Source. They have talked about converting it to something like
Postgres in the future, but currently Oracle is the only database that
will handle the work load of providing RHN service to all their
customers. Which may also mean they might convert RHN Satellite to
Postgres in the future, since it won't need to work under such a huge
workload, once they get around to it.
</snip>

and

http://www.antipope.org/charlie/linux/shopper/161.html

<snip>

At least, up2date was a good idea until last week, when Red Hat
announced that they're going to charge for the service, leaving users
who rely on it for the patch-upgrade cycle swinging in the wind next
time a worm comes calling. This is a really sensible policy -- not!
In fact, if Red Hat want to develop a reputation for being worm-friendly,
this is about the best way to do it: pull the rug from under
inexperienced administrators who don't know how to compile BIND from the
original sources and who run into difficulties applying security patches to an 
old system by hand. 
</snip>	

I suggest RedHat to many new Linux users. I would suggest it more often and
more freely knowing that they were forthcoming with the options that
exist to update the machines that run that distribution. 

NOTE: *Don't flame
me for saying that Redhat is for newbies - I am giving credit where it
is due. Redhat and Mandrake are very good at recognizing hardware and
getting X going and finding what modules are needed....). I have already
said there are many knowledgable Linux users that use Redhat.*

I am encouraged to see tools such as apt-rpm see
(http://apt-rpm.tuxfamily.org/) for more details.

David

On Thu, Aug 15, 2002 at 03:44:56PM -0700, Joe Bayes wrote:
> David Bronson typeth:
> 
> >I certainly don't expect redhat to do
> >anything for free, but to position itself as a large distribution and
> >then use as a primary tool to update its software - a product that is
> >difficult if not impossible to choose to use a non-redhat mirror. That
> >is somewhat M$ish.
> 
> In my configuration file, I have:
> 
>   serverURL[comment]=Remote server URL
>   serverURL=https://www.rhns.redhat.com/XMLRPC
> 
> Have you tried changing this line to a non-redhat machine?
> 
> I don't understand...it sounds like you are expecting redhat to
> download files to your machine. But you haven't paid them any
> money. How is it that you're not expecting them to do something for
> free? 
> 
> If you pay them for the service of downloading files to you, they will
> do so. If you don't, they will still do so, using spare bandwidth,
> 'cause they're nice guys. Expecting them to buy extra bandwidth to
> service the freeloaders doesn't seem entirely reasonable. 
> 
> --joe
> 
> 
> 
> --
> Joe Bayes -- jbayes at spoo.mminternet.com
> 
> ---
> This message has been sent through the ALE general discussion list.
> See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
> sent to listmaster at ale dot org.
> 

---
This message has been sent through the ALE general discussion list.
See http://www.ale.org/mailing-lists.shtml for more info. Problems should be 
sent to listmaster at ale dot org.