The power of good repository organization

Talking with a new colleague of mine the other day, I came to realize how blind I had been to one of our greatest strength in comparison with other linux distribution in one very fundamental aspect of it: our repositories structure . This is obviously something that we inherited from debian for its essence, but which was adapted a bit to ubuntu's need.

If you've been maintaining an Ubuntu system, I'm sure you are aware of the main, universe, multiverse and restricted components.  As a user or administrator, these provide you with the ability to install software from various sources, knowing what the maintainability of your resulting system will be.  Already this is of great value, and as an enterprise, it should be really important to know it.  Even though this is a key element in itself, as other "enterprise" Linux distribution do not offer it, this is something I had completely realized a long time ago, as I guess most of us administering systems.

The thing I had not realized until a few days ago was a a much more basic one, as it lays in the way we deliver updates, backports and security patches.  Most rpm based Linux distributions which I know do not have a clear way to differentiate between these three types of patches, and, unless you spend a fair amount of time setting up a system which will allow you to pick and choose which are which, applying updates to a system is generally an everything or nothing task.  Because Ubuntu distinguishes clearly between the three, and Ubuntu administrator does not have to worry about this.  

If an Ubuntu sysadmin wants to limit the risk of potential regressions on his system, which are generally introduced by update and backports, he has the immediate ability to only subscribe to security updates which will provide patches covering recently discovered potential security issues and just that.  This mean that while maintaining as stable a system as possible, he still is able with very minimal efforts to keep it as secure as possible at all time. This is so simple, so evident, that it had not occurred to me how important this was.  Realizing how important are simple things we tend to take for granted is such a revelation that I had to share this with my blog!
Share this

Comments

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.

So true. All those that

So true. All those that tries to install Dansguardian or any other software not included in the repositories will know exactly what I mean. I have a colleague that spend 1 week ti install it on Centos from source and 5 minutes in Debian, Dansguardian was available from 3rd party repos of Centos but didn't have AV support

A Sysadmin doesn't rely only on those archives

While I'll agree with you with most of your words, I have to say, that a Sysadmin does not only rely on trust. For Ubuntu, trust means, I work with all the guys who are preparing security fixes for packages in our archives. I trust them to do the right thing ™. But I know me, and I don't do sometimes the right thing, therefore even security updates alone can regress a system.

Ubuntu/Debian + Security Archive + testing on a testing system, installed and configured like the productive machine (yes, this is possible with automation, here FAI) will give you not only a satisfying feeling when everything works afterwards, but it will show your company environment that you are doing your job seriously and with knowledge.

Trust is good, trusting + testing is much better.

Regards,

\sh

Comment viewing options

Select your preferred way to display the comments and click "Save settings" to activate your changes.