Alex Barnes
2006-Feb-08 02:04 UTC
[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?
> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of Rich Adamson > Sent: 08 February 2006 08:41 > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yumupdate> ornot? > > However, if you expose the box to the internet, you might want toupgrade> those components that are known to have vulnerabilities. If you don't, > count > on the box being compromised sooner or later. > > ------------------------ > > This is sound advice worth taking. If you get a system stable in > > production, LEAVE IT ALONE!! > >We have just switched from SUSE to Fedora4 for our new installs and are very happy with it. Personally I much prefer it and bonus is it's free. Something that might be of interest is before I deployed the box live I did a full yum update I guess it must have updated the kernel or something as after I rebooted the box zap stopped working with some weird errors. Quick recompile of zaptel had everything working a charm but its something worth keeping in mind. I think the "once it's working, leave it alone" advice is very sound indeed :) HTH Alex Information contained in this e-mail and any attachments are intended for the use of the addressee only, and may contain confidential information of Ubiquity Software Corporation. All unauthorized use, disclosure or distribution is strictly prohibited. If you are not the addressee, please notify the sender immediately and destroy all copies of this email. Unless otherwise expressly agreed in writing signed by an officer of Ubiquity Software Corporation, nothing in this communication shall be deemed to be legally binding. Thank you.
JP Carballo
2006-Feb-08 02:43 UTC
[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?
Alex Barnes wrote:>I think the "once it's working, leave it alone" advice is very sound >indeed :) > > >A similar rule says "If it ain't broke, don't fix it." -- JP Carballo http://www.netfone2x.com Bringing the world closer. It might look like I'm doing nothing, but at the cellular level, I'm really quite busy.
Technical Support
2006-Feb-08 08:38 UTC
[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?
I think that some people try to make their asterisk box a do-everything super server. Can you image a traditional PBX with direct access via the internet, serving web pages via apache, running sendmail, etc. Our approach has been keep it simple. We lock each Asterisk PBX down has hard as possible. This includes no direct internet connection (it should sit behind a real firewall), minimal services running, etc. With this philosophy, one can treat the PBX as an appliance: don't touch it if it's working. If you must run host web pages, run mail servers, offer SQLnet connections, make visible to the internet, etc. then other users are correct - you better continually patch/update ASAP. MD -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Alex Barnes Sent: Wednesday, February 08, 2006 4:04 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: RE: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?> -----Original Message----- > From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users- > bounces@lists.digium.com] On Behalf Of Rich Adamson > Sent: 08 February 2006 08:41 > To: Asterisk Users Mailing List - Non-Commercial Discussion > Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yumupdate> ornot? > > However, if you expose the box to the internet, you might want toupgrade> those components that are known to have vulnerabilities. If you don't, > count on the box being compromised sooner or later. > > ------------------------ > > This is sound advice worth taking. If you get a system stable in > > production, LEAVE IT ALONE!! > >We have just switched from SUSE to Fedora4 for our new installs and are very happy with it. Personally I much prefer it and bonus is it's free. Something that might be of interest is before I deployed the box live I did a full yum update I guess it must have updated the kernel or something as after I rebooted the box zap stopped working with some weird errors. Quick recompile of zaptel had everything working a charm but its something worth keeping in mind. I think the "once it's working, leave it alone" advice is very sound indeed :) HTH Alex Information contained in this e-mail and any attachments are intended for the use of the addressee only, and may contain confidential information of Ubiquity Software Corporation. All unauthorized use, disclosure or distribution is strictly prohibited. If you are not the addressee, please notify the sender immediately and destroy all copies of this email. Unless otherwise expressly agreed in writing signed by an officer of Ubiquity Software Corporation, nothing in this communication shall be deemed to be legally binding. Thank you. _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Ryan Amos
2006-Feb-08 10:04 UTC
[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?
This is turning into a sysadmin theory flamewar, but I think the main point is that Fedora probably isn't the best thing to run on production machines for QA reasons. This is because Fedora is more or less the QA testbed for RHEL. CentOS is, for all intents and purposes (except a little bug I discovered with large block devices >2 TB) the same as RHEL without the support contract, so it is probably a better choice for a server you want to keep working for a while. Debian stable would probably work just as well (though IMO debian tends to be a bit TOO old,) as would SUSE's stable release version. Just don't use a "testing" release on a production machine. "yum update" (or up2date, or apt) is pretty safe on "stable" release trees, but in the testing releases you can run into problems with package dependencies, versions, slowly updated mirrors... you get the point. -Ryan -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Jens Vagelpohl Sent: Wednesday, February 08, 2006 4:21 AM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot? On 8 Feb 2006, at 09:43, JP Carballo wrote:> Alex Barnes wrote: > >> I think the "once it's working, leave it alone" advice is very sound >> indeed :) >> >> > A similar rule says "If it ain't broke, don't fix it."Until you realize some script kiddie has exploited another Apache/ mod_ssl bug and is now remote-controlling your box. There are no hard and fast recipes here. Neither the "automatically apply any and all updates" nor the "build and never look at it again"- policies should be applied without taking the specific situation into account. If your box is on the internet you simply cannot forego updates. Period. If your box is completely walled off from the internet you can be lax about it (unless you have to worry about attacks from the inside). The best policy is probably one that is halfway between the two. There are packages you only ever want to update "under parental supervision", like kernels. Then there are packages where you want to grab any update you can get ASAP, like Apache, or PHP, or SSH. Yum allows you to express this in its configuration, you can exclude packages from the automatic update. I personally run a nightly script that uses yum to determine if there are updates. I apply them by hand. However, this is only feasible because it runs on just two machines. jens _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users
Tim Reimers
2006-Feb-08 10:46 UTC
[Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot?
CentOS is what Asterisk@Home is based on--- that should also inform of someone else's thinking about stable distros to use.. CentOS is still RPM based, so you'd be in familiar turf as far as that goes-- no 'apt' stuff to relearn to support a new distro.. t -----Original Message----- From: asterisk-users-bounces@lists.digium.com [mailto:asterisk-users-bounces@lists.digium.com] On Behalf Of Russ Price Sent: Tuesday, February 07, 2006 11:21 PM To: Asterisk Users Mailing List - Non-Commercial Discussion Subject: Re: [Asterisk-Users] Fedora Core 3 or Fedora Core 4? yum update ornot? Zach A wrote:> What is recommended for a production quality system, FC3 or FC4. Once > installed, is it necessary to run yum update, does that make things > any better or just take up more memory?I wouldn't recommend Fedora Core for a production system - at least not a server. For one thing, FC3 is now obsolescent, and FC updates in general have a very good chance of breaking things; I know from personal experience. Once support stops for a Fedora Core version, security updates via Fedora Legacy are few and far between. I'd go with CentOS 4.2 instead, or, if you have the bucks, the corresponding RHEL version. Updates are provided for a much longer period, and are far less likely to break things. Russ _______________________________________________ --Bandwidth and Colocation provided by Easynews.com -- Asterisk-Users mailing list To UNSUBSCRIBE or update options visit: http://lists.digium.com/mailman/listinfo/asterisk-users