Stability vs. Security vs. Functionality

Posted: 2013-01-15 20:49:36 by Alasdair Keyes

In the world of GNU/Linux there are a number of well-known enterprise distributions, and distributions that have gained a reputation for stability and reliability. Red Hat Enterprise Linux bills itself as the number one enterprise distribution, and Debian also has a reputation among sys-admins for being rock steady.

These distributions are reliable and stable, but that comes at a cost. Recent releases of software often contain bugs and/or security flaws, which puts people off upgrading to them until the bugs have been worked out. It is this mantra that Debian and Red Hat adopt to gain their reputation for reliability. The downside is that the recently released software also has all the latest security patches and new features.

This creates a trade-off between running the latest software, which is patched for all known bugs and has more functionality, and running older software, which is more reliable but comes with fewer features and doesn't have the latest patches.

Of course, Red Hat and other vendors do backport security patches when flaws are found, and Red Hat has its Fedora project, which sits at the bleeding edge of software releases, but I think the days of large distributions running far outdated software are coming to an end. Backporting patches in this manner is effective, but it is usually only done once a flaw has actually been exploited, rather than when the upstream software has fixed the bug, and the time difference between the two can be great. Debian has within the past few years started catching up with the latest upstream software, and I think this is the right track.

Some of you may have already worked out that the recent Exim remote root exploit has triggered this post. More information can be found at and

