Language Selection

English French German Italian Portuguese Spanish

better stability & security

Rolling release/repo
73% (183 votes)
Static release/repo
27% (67 votes)
Total votes: 250

Rolling release is good for

Rolling release is good for one reason. You get the full security and bug fix updates as intended by upstream.

No amount of backporting fixes is enough to keep a system secure and bug free. It's as simple as that. If I backport fixes from kernel git tree to a stable kernel 2.6.2x release, I'm most likely going to miss a lot of fixes. Cherry picking fixes for popular bugs only isn't a solution and causes weakness in Static release distributions.

The only requirement for a rolling release to work is to keep the base system as simple as possible. Theoretically, no downstream patching should be done in packages such as glibc, gcc or kernel unless it is a patch waiting to be eventually merged in a future upstream release.

re: poll

For servers - Static release/repo.

The "theory" of rolling releases is great, but the real world application, not so much.

Servers MUST be stable and secure. With a rolling release, you rely too much on the upstream vendor not to fubar something your system must have (not that it can't be done - mainframes have been doing rolling upgrades for decades - it's just EXPENSIVE to do it right).

RHEL/CENTOS has the right business model. Forget the fluff (and or bleeding edge stuff), only put well tested software into their repo's, backport security as needed, and support the whole thing for 5 years (or longer for security patches)

Of course it doesn't really matter what method the upstream vendor uses, you still need to run a parallel test environment along side your production environment, and test everything (and I mean EVERYTHING) in the first before rolling it out on the second.

It's just easier (for me anyways) to plan your server environments (and their future) if you have static (but not the ridiculously short 6 month timeframe) releases.

Which would you say is better for a linux server?

I have heard the topic discussed in various forums and points of view.

Which would you say is the better choice for a linux based server?

Please give reasoning for your answers and not post "sux" or "rules" nonsense.

Big Bear

More in Tux Machines

Leftovers: OSS

Security Leftovers

  • Security updates for Thursday
  • OpenSSL patches two high-severity flaws
    OpenSSL has released versions 1.0.2h and 1.0.1t of its open source cryptographic library, fixing multiple security vulnerabilities that can lead to traffic being decrypted, denial-of-service attacks, and arbitrary code execution. One of the high-severity vulnerabilities is actually a hybrid of two low-risk bugs and can cause OpenSSL to crash.
  • Linux Foundation Advances Security Efforts via Badging Program
    The Linux Foundation Core Infrastructure Initiative's badging program matures, as the first projects to achieve security badges are announced.
  • Linux Foundation tackles open source security with new badge program
  • WordPress Plugin ‘Ninja Forms’ Security Vulnerability
    FOSS Force has just learned from Wordfence, a security company that focuses on the open source WordPress content management platform, that a popular plugin used by over 500,000 sites, Ninja Forms, contains serious security vulnerabilities.
  • Preparing Your Network for the IoT Revolution
    While there is no denying that IP-based connectivity continues to become more and more pervasive, this is not a fundamentally new thing. What is new is the target audience is changing and connectivity is becoming much more personal. It’s no longer limited to high end technology consumers (watches and drones) but rather, it is showing up in nearly everything from children’s toys to kitchen appliances (yes again) and media devices. The purchasers of these new technology-enabled products are far from security experts, or even security aware. Their primary purchasing requirements are ease of use.
  • regarding embargoes
    Yesterday I jumped the gun committing some patches to LibreSSL. We receive advance copies of the advisory and patches so that when the new OpenSSL ships, we’re ready to ship as well. Between the time we receive advance notice and the public release, we’re supposed to keep this information confidential. This is the embargo. During the embargo time we get patches lined up and a source tree for each cvs branch in a precommit state. Then we wait with our fingers on the trigger. What happened yesterday was I woke up to a couple OpenBSD developers talking about the EBCDIC CVE. Oh, it’s public already? Check the OpenSSL git repo and sure enough, there are a bunch of commits for embargoed issues. Pull the trigger! Pull the trigger! Launch the missiles! Alas, we didn’t look closely enough at the exact issues fixed and had missed the fact that only low severity issues had been made public. The high severity issues were still secret. We were too hasty.
  • Medical Equipment Crashes During Heart Procedure Because of Antivirus Scan [Ed: Windows]
    A critical medical equipment crashed during a heart procedure due to a timely scan triggered by the antivirus software installed on the PC to which the said device was sending data for logging and monitoring.
  • Hotel sector faces cybercrime surge as data breaches start to bite
    Since 2014, things have become a lot more serious with a cross section of mostly US hotels suffering major breaches during Point-of-Sale (POS) terminals. Panda Security lists a string of attacks on big brands including on Trump Hotels, Hilton Worldwide, Hyatt, Starwood, Rosen Hotels & Resorts as well two separate attacks on hotel management outfit White Lodging and another on non-US hotel Mandarin Oriental.

Android Leftovers

today's howtos