[COLUG] Companies that support a custom distribution
R P Herrold
herrold at owlriver.com
Sat Apr 5 12:31:39 EST 2008
On Fri, 4 Apr 2008, Austin Godber wrote:
> Is it really necessary to make a custom distribution as
> opposed to doing a light install of a standard distribution?
The (bad) habit of most 'enterprise' distributions as a 'base'
is that they have taken to throwing in lots of interlocking
dependencies which cause the footprint to explode in size. If
one wants a base with a long life these days with explicit
base vendor party attention to CVE and related updates, you
are pretty well limited the two commercials and Debian; Sadly
there is link rot in Debian:
http://www.debian.org/security/cve-compatibility
refers to:
http://security-tracker.debian.org/
which is a dead link for me. Other parts still work:
http://security-tracker.debian.net/tracker/
and the 'announce' style mailing list at:
http://lists.alioth.debian.org/mailman/listinfo/secure-testing-announce
I find its form harder to use that the RHT or SuSE
security announce lists I am also on.
> Using common distributions will lighten your support
> burden/costs. Of course you can only strip them down so
> much ... getting about 250MB base install. I imagine there
> are other reasons that require a custom distribution.
As I mentioned commercial LTSP based installations want to
usually have a tailored (stripped out) set of applications for
their users to avoid non-work related use and to permit
auditability and to attain passing a security policy document
asessment audit.
-- Russ herrold
More information about the colug432
mailing list