Slashdot Mirror
Red Hat Linux 9 Reaches End-of-Life
egburr writes "Well, today is the last day for Red Hat Linux 9. The Fedora Legacy Project is supposed to start legacy support. I am still planning to stick with RHL9, for a while at least. How many others are planning to do the same? How many are switching to Fedora? How many are switching to some other distribution altogether? How many have already switched? For people still using earlier levels of Red Hat Linux (6.x,7.x,8), how well has the Fedora Legacy Project worked for you?"
WSAD (WebSphere App Dev) doesn't run under Fedora, so I'm with RH9 until it does. Something to do with libc. Heigh ho.
Check it out at: White Box Linux
the former provides updated packages for EOL'd RH versions; the latter is the basis for new RH versions.
If you'd done any research, you'd have found that those nessus hits were false positives, because Red Hat backports security fixes. The products will report a vulerable version, but they are not vulnerable because RH fixed them.
Nessus just looks at the version, because trying the actual expoit is too risky on running systems, many exploits crash the system (or at least the daemon) in the process of exploiting them.
I've had enough abrasive sigs. Kittens are cute and fuzzy.
I've written an article on this topic covering about a dozen alternatives, it's available at:r edhat-support.html.
http://www.seifried.org/security/redhat/20031230-
Your basic options are:
Continue using Red Hat Linux 7.x and 8.0
Continue using Red Hat Linux 9
Red Hat Advanced Workstation
Red Hat Advanced Server and Enterprise Server
Red Hat Fedora Linux
WhiteBox Linux
SuSE Linux
SuSE Linux Enterprise
Mandrake Linux
Mandrake Linux Enterprise
OpenBSD
FreeBSD
Solaris for Intel and Sparc
Windows 2003
Mac OS X Server
for those who don't know, that's from Return of the King. s/(Redhat 9)|(RH)/Samwise/
/.
wait, what am i thinking. of course you know, this is
RedHat came out to our center last year to do a presentation. One of their claims is that Linux moves too fast for some Enterprise developer's tastes.
An enterprise application developer will get done certifying that a specific build of RedHat will work with their application to their satisfaction when they realize that the official, stable build of several libraries have already jumped a few increments. Which, of course, invalidates their entire QA process.
RedHat decided to handle this issue by developing a slower-moving "Enterprise" target. This offers a more stable and predictable platform for enterprise application developers to develop for, QA, and then provide support for their products on that certified platform.
This was before the Fedora project had been announced. However, even at that point, they were saying that the RedHat Linux we all knew would be the faster-paced, more bleeding-edge version.
You might have to track down a FedoraLegacy key. That shouldn't be too difficult.
FedoraLegacy packages should be signed by a key (presumably you trust the people running FedoraLegacy, otherwise you'd question why you should install updates from some random OSS project). If they have the signature, either the source is the original, or the keys have escaped FedoraLegacy's control. If the second one has happened, you're screwed. There isn't much you can do to show that the packages are correct at that point.
Unless you feel it's a major loss of time download the security updates, there's virtually nothing else for you to lose by downloading them from a mirror, if it's fast, and you have a fast connection.
Kirby
Up until six months ago, I was running Red Hat on my personal machine, and we are stille running Red Hat on our servers.
Now I run Gentoo on my workstation. I like the nerdiness factor, and package upgrading is super easy. Also, no full reinstalls every year, just emerge world and I'm happy.
On the server side we also got a little tired of the constant upgrade hell, and when Red Hat chose to EOL the standard 8/9 line, we decided to switch to Debian. In is in progress now, and I've been running it on my personal server for about three months, and I am very happy with it.
For me and my friends, easy, available upgrades that we can count on keep coming for years is really what is important.
With a fedora rpm the actual code will most likely have been either written or reviewed by one of the thousands of professional linux coders be they paid by redhat, ibm or otherwise. Fedora just does the packaging.
Live & learn....
Of those to whom much is given, much is required.
While I have used RedHat from 4.2 and ran Fedora Core 1 and liked it I ended up with a Debian install. After playing with a Morphix Live CD and really liking it I decided to double click on the "Install to Hard Drive" icon on the desktop.
No looking back. I love it. Easiest Debian install I've ever done. I really like the Synaptic package manager too. I've used Slackware and various releases of Mandrake but from now on it's Debian and FreeBSD for me. FreeBSD for servers and Debian/Morphix on my Thinkpad.
Getting old, like things that are easier now.
> The little money it makes will be sucked out by "legal" pirates
> from its very movement.
As the alleged "pirate" in question, allow me to disagree. Those who need the SUPPORT offered by RH should purchase RHEL3. Those of us who DON'T need the support shouldn't since RHEL3 is 100% Free Software. Red Hat does not sell software since that would be kinda daft, it being Free Software and all that. What they sell is support and if you are the sort of site deploying an Oracle box you will be writing them a check just like you wrote one to Sun when Oracle was sitting on an UltraSparc.
Basically, WhiteBox should be thought of a product between Fedora and RHEL, offering the longer deployment window and most of the stability of RHEL but with the community support more like that of Fedora.
And I have heard my little project from the swamps of Louisiana mantioned by several RH people, but never disparagingly. So if they don't have a problem with what I (and the cAos, tao, etc. rebuild efforts) am doing why don't you hold off on condemming me for another couple of years, until you learn a little more about how the Open Source/Free Software ecology actually works.
Democrat delenda est
What kind of a comparison is that? You've compared YaST to Anaconda, and nothing else. You never even USED Fedora Core. The installer is just one package in a multitude. Your problem could probably have been fixed with a quick visit to fedora-list@redhat.com or http://bugzilla.redhat.com/ . Linux helps those who help themselves.
How appropriate. You fight like a cow.
redhats release schedule for the "free version" has always been about 6 months.
July 1997
Redhat 4.2
December 1997
Redhat 5.0
May 1998
Redhat 5.1
November 1998
Redhat 5.2
April 1999
Redhat 6.0
October 1999
Redhat6.1
September 2000
Redhat 7.0
April 2001
Redhat 7.1
October 2001
Redhat 7.2
May 2002
Redhat 7.3
September 2002
Redhat 8.0
March 2003
Redhat 9.0
What are you talking about ?
You can install apt-rpm or yum and update every version of RH starting from 7.2
It's just a matter of typing apt-get update && apt-get dist-upgrade with repositiories pointing at download.fedoralegacy.org. I use this for about a year already and didn't get a single problem.
They have ALL security patches backported by redhat itself or comunity.
I don't beg you to stay on redhat, use everything you want. I myself have to support a dozen of 7.2, 8.0, 9.0 boxes. Fedora legacy is well suited for it. Period.
Standard redhat's up2date & bare rpm doesn't even go close to what apt-rpm can do on these systems.
- Arwen, I'm your father, Agent Smith.
- Well, you're just Smith, but my father is Aerosmith!
My brother's company did pretty much the same thing. Actually, I'd like to elaborate, since the person who asked (and others) may want some reasons to go with the move, and I got all the details.
So first here's the WHO: they are a small web development company. They have several development servers and a couple of deployment servers. They were running Red Hat, all the same version (the kernel configuration and the actual packages installed differred from the production to the work machines). They were using pretty much everything from RPM's, except for some central webdev things (Apache, PHP, Postgres) which they compiled from source because they needed special settings for them. They host they own servers and bandwidth is not a problem.
Now the HOW: They started with one of the development machines, by making a new root partition in the unused space. They chrooted in it and unpacked the base stable Debian tarball, then set up the apt sources to some nearby mirrors and fired up an upgrade to testing (it was a chroot, so networking was already up) as well as apt-get'ting whatever packages were needed to replicate the original environment.
Next they recompiled the kernel and those special apps I mentioned before, and copied over the work resources (projects and stuff). After a Grub setup and a reboot, it worked fine (just a few details to iron out). The whole thing took about an hour and a half (skilled guy doing it, I guess).
Next came about a week of testing. When everything turned out fine, they made a backup of the entire testing machine and then moved the Debian partition to the start of the disk and reorganized it with whatever other partitions were needed (/var, /tmp, swap).
Made an image of the disk, ghosted it to the other machines, restored work environments from backup, and they were done. Actually, the production machines were a bit tricky, but only because they had to make each of them serve everything while the other one was being changed. Plus they had to cross-compile the kernel and the webdev packages for them on the work machines, but they did that all the time already.
And now here's the WHY: why Debian? Because they were looking for: the lowest cost (cheap bastards); no support needed (they relied on their own syadmin -- yeah, one guy); painless package updates, from a variety of nearby mirrors; a distro similar enough to Red Hat so as not to need too much adjusting for the people; another end of life as far away into the future as possible (didn't fancy doing this again in 12 months). They felt that Debian and Slackware would fit the bill, because they were the oldest and most reliable Linux distro's around. (Eventually Slack got booted--you can guess why.)
Finally, a brief overview of why they rejected other choices: Red Hat = too pricey, life-time too short, plus it would imply a reinstall anyway; Gentoo = they felt that compilation and servers don't go very well together, plus Gentoo is too young; SuSE = it came very close, but the beancounters pushed for as little spending as possible; Mandrake = they felt none too sure that it won't dissapear suddenly someday, given it's history of financial problems; any BSD = too much a step from Red Hat. (Fedora wasn't yet a serious option at the time.)
Some of you are probably gonna say they're cheap bastards who wouldn't give back to open-source by at least investing in some support. What can I say, except "small company, gotta cut the expenses to stay ahead these days". The whole switch took a little over one week and cost them just a bonus for the sysadmin.
i ate crayons when i was a kid and now i have two braincells and the blue ones taste nicer
I've put Fedora Core on my newest machine (replaced Windows XP Home). I'm running Debian, RH7.2 and Windows 2000 on my older machines. I have to say that the Fedora machine has become my favorite. The install was easy (detected all my hardware -- more than Knoppix! which is quite a feat), and It's been very stable. Now that apt-get works, I don't see Debian holding any advantage. I use the Fedora box as both my development machine and my main browse and e-mail box -- I've downloaded and installed the latest versions of EClipse and FireFox. Netscape 7.1 sometimes gives a segmentation fault when trying to start under Fedora, but I don't think that that's Fedora's fault.
Fedora is very, very good. I tried Mandrake 9.2, Knoppix 3.2 (hard disk install -- quick Debian System), ArkLinux, and Sun's Java Desktop before trying Fedora, and none was good enough to keep on the box, except Fedora. I was surprised that I got more software with Fedora than with Sun's Java Desktop (which I paid for) -- What market are they going for?? ( SJD is somewhat SCO-like -- ugh!). ArkLinux kept crashing (they do say that it's alpha software). I had a hard time getting Knoppix to work with my Gigabit Ethernet, my wireless card and didn't have my usual "Debian patience". Mandrake 9.2 kept freezing during the install and when I finally did get it installed, it too had trouble with the Gigabit Ethernet and wireless. Fedora handled my hardware with ease, was child's play to configure the way I wanted it, and hasn't crashed once.
I have been at RH7.3 since it came out and it works very well for me. I used to pay the $60 for redhat up2date support and thought that worked very well. I wish Redhat would have continued supporting it.
I was about to upgrade to Fedora Core 1 when I found out about the fedora legacy project which I think is a very good initiative.
The community driven initiative seems to be lacking support though, for instance the openssl updates have been in "testing" for 4-5 weeks now and still hasnt made it into the released-pool of updates. Being free I know I cannot demand anything, but I can observe that it doesnt seem to be working as well as I thought.
I'll probably go to Fedora Core 2 when it's released, it'd be nice to get the 2.6 kernel.
:) You're actually confusing Fedora Legacy & Fedora Core. They had to choose the better name to distingush them easier!
Fedora Core is community-supported distribution, much like RHx.x was.
Fedora Legacy is a community-supported bugfixes/updates effort for old redhat systems currently not supported by redhat itself (for RedHat distributions from 7.2 to 9.0).
They usually take old packages, native to these old systems and apply back-ported security patches to them.
That's for people that cannot/don't want to upgrade their main distribution, while being able to maintain "old" distribution to be secure.
apt-get can be used on these "old" distributions as well too.
Hope this shed a light a little.
- Arwen, I'm your father, Agent Smith.
- Well, you're just Smith, but my father is Aerosmith!
Its easy if you do it carefully and you know the couple of gotchas - in fact I did one of the ftp.linux.org.uk boxes a couple of days ago *while* it was serving fedora isos at high load
Grab the yum package and fedora-release
Install these two
Now (works around a missing dependancy that might otherwise bite people)
yum upgrade e2fstools krb5-libs
yum upgrade rpm
# You want the newer rpm early
yum upgrade
and it should just work.
No guarantees but its working fine for me. Getting to FC2test3 is best done by CD. I'm going to play with yum updates once FC2 is out but things like the Xorg config file changeover make it hairier
Umm... Mandrake gives the community it's "shitty" version and yes I know it is shitty because I've tried it. Then forces you to pay for anything worthwhile. Red hat is the only linux company worth using. They stick by the open source community, contribute more then anyone, and give away a good free product. They are also the only ones willing to stick their necks out for the community. Fedora is better then any distro I use, and I've used a ton, even now I've got two servers running debian stable. Get your facts straight first, Fedora is a major improvement on RH9 and RH9 had the same development process and all the devs are almost the exact same. Its just now red hat wants to give it away for free and in a few months they will roll out their enterprise desktop. Fedora is more stable the RH9 and RH9 was updated just as frequently and was just as bleeding edge. We aren't beta testers unless you want to try out the tests. You may here alot of bad press by other /.'ers about RH, but the truth is we know where it stands, and it stands above the rest. We are the silent majority if you will, we don't need to brag about how great our OS is. One person can make alot of noise, us RH users will just sit back and watch the rest of you make foolsof yourselves.
Regards,
Steve