No post-high-school education here, but spending insane amounts of time beta testing, packaging, proof-reading documentation and generally getting my hands very very dirty with one particular Linux distribution landed me a job as a packager/documenter with the distro, and last month I "celebrated" my 8 year anniversary working with the same company (now working on security).
The thing that got me in, besides obvious skill, was the volunteer work and passion I put into the company so the end result was they gave me a cheque for doing in an official capacity what I'd been doing unofficially for months.
The nice thing about that is that it gave me the time to increase my knowledge and skills and has gotten me a number of minor little projects under my belt in that time as well as two significant projects (both more or less defunct now, but that's beside the point since both projects had more value to me in terms of what I learned by doing them).
There's also runit, which is a more free rewrite of daemontools. I think it's better because you can use it to completely replace init. And you can still run stuff out of init.d if you want. For instance, if you look at something like Annvix, it uses a bit of a hybrid system... runit has replaced init, all services are run supervised, but the init system is still there so you can use normal initscripts (well, slightly modified). Has been working very well for a few years. The init system is a bit of a hybrid thing... one part Gentoo, one part Mandriva, and one part pure strangeness that turns out quite well.
Standard disclaimer: yeah, I'm the author of Annvix and yeah, I tooled the weirdness that is the Annvix init system. But it works extremely well, with many benefits over the "standard" Mandriva/Fedora/RedHat init system.
5. Security updates would be made available weeks after exploits became known.
Care to provide some proof on that one? A general and very broad statement like that calls for some proof to back it up.
Unless you're referring to the kernel itself (which there were issues with, due to a certain kernel developer that's no longer with Mandriva), most (and I do say most... there are exceptions, just like any other distribution unless you're using Gentoo and can emerge the latest upstream version the moment it's released) updates were released in a very timely manner. Unless it was a "0-day" vulnerability, updates from Mandriva are more often than not released within ~24hrs of other major vendors if not earlier.
I'd love to get some proof on this one.
You said:
Okay. Calling DPKG a security problem because it doesn't allow package signing? I'll grant that's kind of valid.. but how many signed packages are there in any other Linux distribution? I don't believe I've ever seen even a single one! (in other words.. who cares if RPM can do this if nobody uses it). Oh wait.. you could always just INSTALL RPM!
I say:
Mandrake has been signing RPMs for a *long* time. I don't know about any other distro, but Linux-Mandrake does it without fail on every package we put out.