Linked by Thom Holwerda on Tue 6th Mar 2007 15:56 UTC, submitted by Rob Phillips
Red Hat "The wait is almost over. It may have taken two weeks longer than Red Hat would have liked, but Red Hat Enterprise Linux 5, the updated version of the company's commercial Linux platform, will be launched along with a bevy of new products and services on March 14. The delivery of RHEL 5, the fourth major commercial server release for Red Hat, will better position its Linux against Novell's SUSE Linux Enterprise Server 10 as well as Windows, Unix, and proprietary platforms."
Order by: Score:
Prediction
by sbergman27 on Tue 6th Mar 2007 16:10 UTC
sbergman27
Member since:
2005-07-24

It will really be released on the 21st. ;-)

Reply Score: 3

RE: Prediction
by butters on Tue 6th Mar 2007 16:36 UTC in reply to "Prediction"
butters Member since:
2005-07-08

Speaking of predications, and as per our exchange from a couple days ago...

It will be released before Etch.

Reply Score: 4

RE[2]: Prediction
by solidsnake on Tue 6th Mar 2007 16:56 UTC in reply to "RE: Prediction"
solidsnake Member since:
2006-06-04

Yes, but Etch will be better. ;)

Reply Score: 3

RE[3]: Prediction
by anonymous_coward on Tue 6th Mar 2007 18:24 UTC in reply to "RE[2]: Prediction"
anonymous_coward Member since:
2005-11-15

Yes, but Etch will be better. ;)

Not in the security area. RHEL5 will have all the security features used in Fedora Core 6 -> http://www.awe.com/mark/blog/200701041544.html

I looked at build logs from Debian packages and they do not use FORTIFY_SOURCE, Stack Smashing Protector, network services are not compiled as PIE, etc. Feel free to prove me wrong ;)

PS That wasn't who voted you down.

Reply Score: 5

RE[4]: Prediction
by solidsnake on Tue 6th Mar 2007 20:15 UTC in reply to "RE[3]: Prediction"
solidsnake Member since:
2006-06-04

I don't worry about buffer_overflows or PIE compiled network issues. I have a Windows box for that.

I'm sorry for my bias comment, but I have used Debian and other Debian based distos for 5 years now and I am comfortable with the level of security that I have for my network.

Since I don't run a major computer network for a billion dollar business, maybe I don't really need RHEL 5. (I couldn't afford a copy anyway)

Eitherway, Etch will be perfect for me at least when it (someday) is released.

PS. To help your self esteem, I voted you up one.

Reply Score: 3

RE[5]: Prediction
by SEJeff on Tue 6th Mar 2007 22:28 UTC in reply to "RE[4]: Prediction"
SEJeff Member since:
2005-11-05

I honestly don't know why anyone would run Debian or any derivative on a server *ever*. Note that I am saying this while running an Ubuntu desktop.

Back many years ago, we used to joke and call Redhat "Roothat" because several consecutive releases had some sort of remote root in the default (or close to default) installation. Since then, Redhat has taken security seriously.

Redhat takes security proactively and here are a few examples:
- SELinux Mandatory Access Control Targetted policy by default
- Execshield kernel module to use the hardware NX bit in newer cpus AND help prevent some classes of buffer overflows
- Compiling applications with a special version of gcc using an extension called FORTIFY_SOURCE along with using -fstack-protector
- Hardening the c library its self with canary based stack protection (to prevent buffer overflows)
- PIE aka Position Independent Executables
- ELF data hardening

Redhat devotes some very brilliant people to do nothing more than improve the security of their enterprise distribution. People like Russell Coker, who are trying to include proactive security like SELinux into Debian Etch+1 by default get flamed off of the mailinglists.

It is pretty sad that people don't care as much about proactive security as Redhat. This is why no personal server of mine will ever run Debian. However, for a nice easy to use "Just Works TM" desktop, Debian derivatives like Ubuntu work great.

Reply Score: 5

RE[6]: Prediction
by lezard on Wed 7th Mar 2007 11:20 UTC in reply to "RE[5]: Prediction"
lezard Member since:
2005-10-11

Seriously, SeLinux is not the only option on earth to protect your system. Please take a look at RSBAC (used by Mandriva for instance): http://www.rsbac.org/
It's not like not supporting SeLinux is a proof of unsecure distribution.

Reply Score: 2

RE[7]: Prediction
by sbergman27 on Wed 7th Mar 2007 15:21 UTC in reply to "RE[6]: Prediction"
sbergman27 Member since:
2005-07-24

I'm not a big fan of Selinux for most common purposes. Unnecessary complexity is not the friend of good security, and Selinux has complexity in abundance.

Just look at how long it took the smart folks developing Fedora to get the policies right. Arguably, they *still* don't have them quite right.

Of course, for those specialized cases where such fine grained complexity is really needed, it may be a great fit.

But Selinux reminds me of a half joking remark I read about sendmail.cf somewhere a long time ago:

"Most people get their sendmail.cf from God (their distro)... and pray that it just works."

Edited 2007-03-07 15:21

Reply Score: 2

RE[6]: Prediction
by zombie process on Wed 7th Mar 2007 16:48 UTC in reply to "RE[5]: Prediction"
zombie process Member since:
2005-07-08

It would be nice if, by default, up2date didn't move existing and working configs to rpmsaves, replacing the configs with blank ones. There needs to be a new paradigm descriptor that isn't "security" which describes the ability for things to break your box. It isn't a security "issue" for an update to break existing installs silently, but it is a major fscking pain in the ass, and is very, very bad behavior.

Other than that, I'm very happy with red hat.

Reply Score: 1

RE[7]: Prediction
by MattPie on Wed 7th Mar 2007 18:23 UTC in reply to "RE[6]: Prediction"
MattPie Member since:
2006-04-18

It would be nice if, by default, up2date didn't move existing and working configs to rpmsaves, replacing the configs with blank ones.

In up2date --configure --nox, option 18:
Attribute Name: noReplaceConfig
Comment: When selected, no packages that would change configuration data are automatically installed

I think that's what you're looking for. Also, most of the time, packages create an '.rpmnew' file with the new config next to the existing config. This is on RHEL4.

Reply Score: 2

RE[7]: Prediction
by RockT on Thu 8th Mar 2007 09:09 UTC in reply to "RE[6]: Prediction"
RockT Member since:
2006-06-01

This seems to be a packaging bug then?
The config files should be tagged %config(noreplace), then you don't get rpmsaves only rpmnews.

Reply Score: 1

RE[5]: Prediction
by Liquidator on Wed 7th Mar 2007 01:05 UTC in reply to "RE[4]: Prediction"
Liquidator Member since:
2007-03-04

Since I don't run a major computer network for a billion dollar business, maybe I don't really need RHEL 5. (I couldn't afford a copy anyway)

You should give CentOS a shot. It's RHEL without the the trademark. Most webhosting companies use CentOS these days because it's arguably the most secure Linux.

Reply Score: 2

RE[6]: Prediction
by solidsnake on Wed 7th Mar 2007 03:41 UTC in reply to "RE[5]: Prediction"
solidsnake Member since:
2006-06-04

hmmmm.....

maybe I will try it on in another month or so. I looked at their website and it does look interesting.


Thanks:)

Reply Score: 1

RE[6]: Prediction
by Runesabre on Thu 8th Mar 2007 20:43 UTC in reply to "RE[5]: Prediction"
Runesabre Member since:
2006-08-14

After almost a year of debating what OS to put on my servers, I finally decided on CentOS. I'm happy with it so far. I also considered FreeBSD, OpenBSD, Debian, Solaris and Unbuntu Server.

The only installation hiccup I've had to work with is setting the BIOS properly on the server machines.

One server (Tyan Transport GT24 using the 2891 mobo) has a BIOS setting for OS Type which defaults to Windows and caused CentOS installer to not find the network. My other servers (also Tyan Transport GT24 but using the newer 3992 mobo) all defaulted to P-ATA instead of S-ATA which caused CentOS to not find any harddrives.

Edited 2007-03-08 20:48

Reply Score: 1

RE[2]: Prediction
by sbergman27 on Tue 6th Mar 2007 17:08 UTC in reply to "RE: Prediction"
sbergman27 Member since:
2005-07-24

"""
It will be released before Etch.
"""

I'll forego the (nearly) obligatory Duke Nukem Forever remark. ;-)

Edit: And just to be clear, I do respect RedHat for holding off a full six months longer than they would have liked in order to get Xen right.

Edited 2007-03-06 17:14

Reply Score: 3

Dell Pre-installs it..
by Southern.Pride on Tue 6th Mar 2007 16:23 UTC
Southern.Pride
Member since:
2006-09-14

On Dell's high end workstations you can have RHEL preconfigured and installed.

What I would like to see a comparison between SLED & RHEL releases when it is ready (latest versions) on server/workstation settings.

Reply Score: 1

RE: Dell Pre-installs it..
by SEJeff on Tue 6th Mar 2007 17:01 UTC in reply to "Dell Pre-installs it.."
SEJeff Member since:
2005-11-05

SLED is designed for Desktops, hence the D (SUSE Linux Enterprise Desktop). For the servers, you install SLES (SUSE Linux Enterprise Server).

Redhat also has a workstation version of RHEL. Since RHEL5 is based off of FC6 with more bugfixes and some stabilization, it will probably make a really good desktop.

Note that Redhat is including software developed by Novell (compiz) by default and have a little applet (desktop-effects) to enable or disable it.

This is what makes open source amazing. Company A, who is a competitor of Company B develops software. Company B decides that it is good and include it in their own products along with improving it. Because of that, Company A (Novell) and Company B (Redhat) have better products.

Reply Score: 3

RE[2]: Dell Pre-installs it..
by butters on Tue 6th Mar 2007 18:39 UTC in reply to "RE: Dell Pre-installs it.."
butters Member since:
2005-07-08

This is what makes open source amazing. Company A, who is a competitor of Company B develops software. Company B decides that it is good and include it in their own products along with improving it. Because of that, Company A (Novell) and Company B (Redhat) have better products.

Thus demonstrating why yesterday's rehash of the "Linux is too fractured" argument is still baloney.

Reply Score: 5

RE[3]: Dell Pre-installs it..
by sbergman27 on Tue 6th Mar 2007 20:25 UTC in reply to "RE[2]: Dell Pre-installs it.."
sbergman27 Member since:
2005-07-24

"""Thus demonstrating why yesterday's rehash of the "Linux is too fractured" argument is still baloney."""

It also exposes all those complaint threads about how Company/Distro/Person X copies from Company/Distro/Person Y as being silly.

So what does that leave, that we talk about regularly here on OSNews, that isn't silly? ;-)

Reply Score: 4

Made me laugh anyway
by ameasures on Tue 6th Mar 2007 16:55 UTC
ameasures
Member since:
2006-01-09

"It may have taken two weeks longer than Red Hat would have liked"

Someone is being ironic here (after the Vista launch).

As Shakespeare might perhaps have said: "Methinks thou does protest too MUCH"!

Reply Score: 1

RE: Made me laugh anyway
by thebackwash on Wed 7th Mar 2007 15:16 UTC in reply to "Made me laugh anyway"
thebackwash Member since:
2005-07-06

As Shakespeare might perhaps have said: "Methinks thou does protest too MUCH"!

[archaic english grammar nazi]
Actually, he would have said, "Methinks thou dost protest too much." ;)
[/archaic]

Reply Score: 2

at last
by frood on Tue 6th Mar 2007 16:57 UTC
frood
Member since:
2005-07-06

I've been looking forward to this. It's getting harder to install esp. CentOS onto newer hardware in my experience. A newer kernel will come in handy.

Reply Score: 1

RE: at last
by Don T. Bothers on Tue 6th Mar 2007 19:00 UTC in reply to "at last"
Don T. Bothers Member since:
2006-03-15

You should not have any trouble installing CentOS on newer hardware. RedHat backports the majority of drivers and support for newer hardware. In fact, RedHat is just about to release RHEL 4.5, which would mean you would be able to install CentOS on the latest hardware when it shortly follows.

Reply Score: 2