Mailing List Archive


[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

Re: [tlug] Looking for a distribution to replace Ubuntu



Curt Sampson wrote:
Ubuntu has a fair number of annoyances for me, as folks are probably
gathering from my posts here. It's finally got enough stuff wrong that
can't be fixed as easily as installing a new window manager package that
I'm looking for a new distribution. I'd like to solicit *suggustions*.

use more e's ;)

I don't know whether it will fit all your criteria but based on your collective contributions to the list so fare I would have to say I think you are the sort of user who will brake any, even half decent binary distribution, so I would suggest you ditch them and go with Gentoo. There might be other source based distributions that are leaner and more to your liking but Gentoo is pretty mainstream and has lots of package support, and is trivial to add new packages.

Here are my criteria, in approximate order of importance.

* Support for "full-disk encryption," or as close as Linux gets (which I
guess is an unencrypted boot partition), and an enter-passphrase-on-boot
system usable by a non-sysadmin.

Possible, I have done this in the past.

* A working DNSSEC resolver, preferably using the BIND 9 library. This
should be used by the standard OpenSSH package to use authenticated
SSHFP records.

If this is possible in any simple way it will be possible in Gentoo, and if it isn't (i.e. you have to make the source changes yourself) then it will be easier to do in Gentoo.


* All network-facing services off by default. Well, within reason:
disabling ICMP echo replies would be a PITA. But installing an Apache
httpd package should certainly not start a server. Ideally, too,
services are configured securely by default, e.g., sshd is configured to
disallow all root logins over the network and password logins for any
account.

I don't know about default images because I usually build specifically for the hardware I am using and that involves installing from a basic stage1 install. Generally services don't run unless added to a runlevel so this shouldn't be a problem.


* Good driver support for desktop systems, particularly in the ability
to use modern graphics cards to some basic level of performance. I can
live with Aqua-style stuff being slow and not being able to run games,
but I do need a basic 2-D window manager and programs such as Firefox
to work well, and I need multiple-head support. ACPI suspend and power
management working well would be a good bonus.

I haven't had problems with nvidia binary drivers, except when using hardened kernels with PAX support, but that is a driver issue not a distribution issue.


* A reasonably broad range of binary packages available, and having the
latest production-ready releases available sooner, rather than later.
Automatic updates and all that, too. A fairly coarse package granularity
is fine; I have little concern about how much disk space the system
uses.

Binary packages are available but I have never used them so can't comment on whether they are useful. It is possible to generate binary packages on one machine and distribute them to other hosts. This might be a useful approach for you if you have similar hardware and don't want to compile packages on each host.


To be honest, from a practical point of view it doesn't make much difference whether packages are binary or source based. At least not to me, and I think you will find the same. CPU cycles are cheap its the user cycles that aren't. I have in the past wasted far more time fighting with binary package based systems then with source based systems. Binary systems can be convenient when they do what you want but when they don't you end up either installing unstable packages i.e. Debian Sid or creating an unmaintainable mess by installing directly from sources.

* Some reasonable default configuration for window manager and so on
that office staff comfortable with Windows and the Gnome environment
will be comfortable with, and a set of graphical system management tools
that enable these folks to, e.g., easily find and install programs such
as the Gimp.

From a security perspective, Should office staff with windows background, who are unable to use a console, be installing applications on a secure machine. Set them up with reasonable/generous defaults and make it a support issue if they need more.


There are also graphical installers for Gentoo but I am not familiar with them.

* Including include files and any other basic tools one needs to compile
against a library with the library itself, rather than as a separate
"dev" package. I don't mind if they want to put the profiling libraries
and suchlike in a separate package, though I'd prefer they do not.

:)

If I can find a good candidate, we'd like to replace Ubuntu on all of
the desktops at our office, and on several notebooks.

Edward


Home | Main Index | Thread Index

Home Page Mailing List Linux and Japan TLUG Members Links