The Arch Linux community is convinced that a production server has to be updated once a day. The philosophy behind the rolling release model is to build new source code from the upstream project into binaries and use the result on a computer for production tasks. The idea is that bugs and critical security issues are always fixed upstream, and that after installing the new version the server becomes more stable.
According to the Arch Linux project, the answer to every problem in computing is to install the new version as soon as possible. Unfortunately, there are some drawbacks. The first problem is that updating the entire operating system every day costs time and bandwidth: lots of new packages have to be downloaded and installed. Another, more serious problem is that from time to time the update procedure fails. That means the newly installed package doesn't work, or in the worst case the entire Wayland server won't display anything on the screen, so the user has to debug manually with the help of the forum. These problems are the main reasons why the Arch Linux project remains a relatively small project. Even Arch Linux enthusiasts are shy about using the operating system as a web server.
The opposite philosophy to Arch Linux is of course the Debian project, which creates a new stable version every 2 years, after which the software versions remain the same. Only minor bug fixes and security updates are shipped to the production server. These patches are mostly delayed so that they can be tested on a virtual machine first. This ensures that a Debian server is always in a stable condition, which makes it a great choice as a server and a desktop machine.
There is a third philosophy, not discussed frequently in the past: the frozen release model. Frozen release assumes that even Debian stable isn't reliable enough. On Debian stable the user is forced to install new minor versions every 3 months, which includes rebooting the machine for a kernel update. The self-understanding of the frozen release model is to not deliver any updates and to reduce the amount of updates to zero. Frozen means that a new operating system is delivered every 2 years, and in between the system never gets rebooted or updated.
This implies that at the end of the 2-year period the user is running outdated software and all the CVE vulnerabilities remain unfixed. The open question is whether this model is superior to Debian or not.
From a technical standpoint it's the logical improvement over stable releases. The idea is that installing updates is the cause of all problems and only an uptime of 700 days ensures stability.
To make the point clearer, we should compare rolling release with frozen release. Rolling release means that the admin of a server installs updates every day with the pacman tool. In contrast, frozen release means disabling the pacman tool altogether, so that the server runs for 2 years with the unmodified code. If a security problem was present in the original code, this problem remains open for 2 years.
It's a bit hard or even impossible to verify on a scientific basis which software distribution is more reliable. Even the comparison between Arch Linux and Debian is highly subjective. Introducing a seldom discussed third distribution into the comparison will make the debate harder, not easier.