On 05/02/2013 04:08 PM, Quanah Gibson-Mount wrote:
--On Thursday, May 02, 2013 8:32 AM +0200 Denny Schierz email@example.com wrote:
but than you have to download, patch and update security fixes by your self.
Yep. Part of being a competent sys admin anyhow.
Sorry, I disagree.
A competent sysadmin has to make choices on how he has to employ his time. When having limited resources the choice you suggest can be easily seen as an incompetent wasting of time.
For example when you have to manage > 70 small server for > 70 school, applying security upgrade by recompiling apache, bind, samba, openldap (just to cite some of the services on them) every time is plain wrong. It's a waste of the scarce sysadmin time that could not be afforded.
That's just an example, but there are lot of situations in which the solution to bad distribution packaging cannot be "recompile it by yourself and reinstall". Better to point to another distribution or to a good packaging (if they exist). Otherwise every competent sysadmin will use the packages, also if they are suboptimal.
I'm sorry to hear that Debian OpenLDAP packages are in a such bad state, but if, as it seems, there no distribution getting OpenLDAP right (I heard complaints also about RedHat), then I start thinking that something is not working fine, at least on the user end of OpenLDAP distribution.