Conversion to Linux

David Nicol davidnicol at gmail.com
Sun Nov 2 16:50:26 CST 2008


On Sun, Nov 2, 2008 at 3:27 PM, Jeffrey Watts <jeffrey.w.watts at gmail.com> wrote:
> In regards to uniquely compiled binaries - this would make auditing and
> testing a nightmare.  If you have 100 identical webservers, having 100
> different Apache binaries is a terrible idea.  You want to have a test
> environment where you test ONE binary and deploy that ONE binary across the
> entire platform.  You can then guarantee that that tested binary will work
> properly and is secure.

Setting exactly that scenario up, to support internal distribution of
binaries compiled once and pushed internally, happens to be easier to
set up with Gentoo than with other distribution frameworks, which is
why after several weeks of research I wound up recommending
standardizing on an in-house Gentoo-derived system when I was tasked
with the assignment of composing such a recommendation.

http://en.wikipedia.org/wiki/Portage_(software)#Binary_Packages

The feature set I was looking for included:

 *  an existing stream of security patches and ease of application
 *  rapid deployment of new nodes
 *  rapid configuration of a new node into a standard configuration
 *  easy definition of standard configurations
 *  no interference with upstream patches to packages in use

This list does not include "vendor support."  The client for whom I
made that call takes great pride in the depth and breadth of their
system administration skills.

I was surprised by my finding, as I am a fan of Debian, but setting up
and maintaining in-house ebuilds happens to take fewer keystrokes than
setting up and maintaining custom debs, especially when it comes to
selecting from available updates.

I do not know if the client for whom I made the recommendation has
followed it or not.  I am curious; I would appreciate it if anyone on
this list who still works there could give me an update on the progress
of that project.

