Simone Piccardi wrote:
On 05/02/2013 04:08 PM, Quanah Gibson-Mount wrote:
--On Thursday, May 02, 2013 8:32 AM +0200 Denny Schierz linuxmail@4lin.net wrote:
but then you have to download, patch and update security fixes by yourself.
Yep. Part of being a competent sys admin anyhow.
Sorry, I disagree.
A competent sysadmin has to make choices on how he has to employ his time. When having limited resources the choice you suggest can be easily seen as an incompetent wasting of time.
For example, when you have to manage > 70 small servers for > 70 schools, applying security upgrades by recompiling apache, bind, samba, openldap (just to cite some of the services on them) every time is plain wrong. It's a waste of the scarce sysadmin time that could not be afforded.
A competent sysadmin knows how to leverage tools such that 7 servers or 7000 servers require the same amount of hands-on time. One element of making this feasible is certainly to have the minimum possible variations in deployed configurations. But a frozen configuration that you built yourself with known components is just as viable for this purpose as one you obtained from a distro. And in most cases, due to distro lag times, a config you build yourself will be superior.
That's just an example, but there are a lot of situations in which the solution to bad distribution packaging cannot be "recompile it by yourself and reinstall". Better to point to another distribution or to a good packaging (if they exist). Otherwise every competent sysadmin will use the packages, also if they are suboptimal.
I'm sorry to hear that Debian OpenLDAP packages are in such a bad state, but if, as it seems, there is no distribution getting OpenLDAP right (I heard complaints also about RedHat), then I start thinking that something is not working fine, at least on the user end of OpenLDAP distribution.
Simone