Fedora -> Debian

Once upon a time my curiosity about systemd and fast startups made me switch from Debian to Fedora 15. Today I've decided I've had enough and I'm going back to Debian. Is it a good decision?

What's wrong with Fedora:

- Too many restrictions. Non-upstreamed modules are forbidden (nvidia), any license that could harm RedHat is forbidden (ffmpeg, vlc). For this common stuff you have to use RPMFusion, which is probably one of the worst Linux repositories and lacks all the goodness of the standard Fedora build process (Koji builds). Heck, even after someone made a proof of concept to spoof gpg keys on their editable non-SSL wiki, they still didn't get SSL. And pls don't mention Copr. License restrictions applying to the main repository apply here too.

- RPM build is a relic from the 90s that completely ignores that the rest of the world has switched to Git for SCM. Every build is unpack archive and build from scratch. Sure, you can shortcircuit it but it's not straightforward and you'd have to make and push your approach. On the other hand, rpm has some goodies like automatic parsing of dependencies and file dependencies.

- Lots of NIH and bullshit like firewalld, dnf, ... that is forced on you and it's hard to get rid of it as weak dependencies are not commonly used yet (PulseAudio, ... btw, is it even possible to have Fedora without systemd?).

Git gud

debian is now infested with systemd and fedora has a pretty nifty server flavour now

>fedora has a pretty nifty server flavour now
Called CentOS

Another pro for Fedora packaging is that it's completely non-interactive. I've researched why services in Debian are autostarted and it seems it's also some relic from the past when someone thought it was a good idea, but opinions diverge today[1]. It can be disabled but it's not that straightforward. Still, I can endure that.

lists.debian.org/debian-devel/2012/06/msg00042.html

Also, Fedora (and RedHat) derivatives are the only distributions I know that build packages centrally in a common environment. Sure, it's not a silver bullet but I'd say it's more probable to compromise builds of a Debian/ArchLinux maintainer than to compromise RedHat infrastructure. Still, I can endure that.

wiki.debian.org/UntrustedDebs

I thought that SELinux, which is well maintained only in RedHat derivatives, is a good feature but then I realized that I run so much crap as unconfined_u:unconfined_r:unconfined_t that it doesn't really protect me aside from restricting a few services on my desktop that are mostly isolated from outside anyway. The biggest attack surface is Xorg and PulseAudio. Actually PulseAudio is funny, it's actually an even bigger nightmare to share an instance of this piece of shit between multiple users than I thought. So you have this big SELinux policy maintained exclusively for Fedora but you cannot even reliably control user access to sound devices because of how some brilliant software is designed.

Oh but don't fear, there's at least a dozen container solutions coming to Fedora that'll sort all that out. Just don't use multiple Unix users, it's not supported.

That's nice, dear.

I may be a bit paranoid there, but the state of security today just irritates me. You can see headlines about bugs in OpenSSL but nobody cares that 90% of software is distributed in plaintext. Gentoo fucks boast about their Grsecurity kernel and whatnot and yet they still download ebuilds over rsync. And these fucks like Poettering who actually have influence only feel important but actually don't give a fuck either.

no fedora:server - if you fully embrace systemd and docker, it's pretty good with cockpit

> tfw no user who'd share this pain with me

how come somebody doesn't just make a good linux distro

There is literally nothing wrong with downloading packages in plaintext because there's this magical thing called a signature that can't be crafted.

I've used gentoo for 5 years now. Before that, I'd used ubuntu, fedora, debian, opensuse, arch, crunchbang, and a few others I forget.
Beside some very niche packages being missing, and some packages not being maintained right, it's been the most solid distro I used by far, from a customization and stability perspective alike.

I'm now trying out manjaro (arch + installer, firmware, stable release channels, extra management tools? Count me in!). It's been great for the past week, but I'll see if the packages in the stable repos are actually stable before switching.
The main advantage would be the wide array of packages available for it, and the ability to get a binary package for anything until a specific compile option is needed (at which point I can grab the aur version).

Until I know that manjaro holds up, gentoo > manjaro > *. If manjaro does hold up, though, it would probably be slightly better than gentoo.

Manjaro and gentoo are as close to perfection as you can get in terms of linux distros.

You know, that's where you're wrong because you need to build the web of trust first. And that's not the case anyway. The vast majority of package build sources have http or ftp URLs in them because no one gave a fuck until like 2011. And building a web of trust with every single upstream that actually supports signatures and verifying signatures is a thing that most distribution build tools don't do. Face it, your average maintainer gets an email from bugzilla urging him to update a package. He changes the version, runs some scripts and uploads the shit. Yeah, he may actually care about web of trust in his scripts, but he's using an OS whose integrity depends on all maintainers doing this and all upstream sources having signatures. I'm pretty sure maintainers don't give a fuck, just like the glorious Fedora build infrastructure doesn't.

Congrats, you're clinically retarded!

I like the "build from sources" idea of Gentoo but it's too simplistic. Most of the time, I want binary packages and sometimes I just want to patch a distribution package. What I'm dreaming of is some kind of distributed package management where you could go like this:

sources (-> sources)* -> binaries


Also, use flags is a nice feature, but unnecessarily complicated. They could be modeled as metapackages and whole dependency resolution could be fed into some SAT solver.

Care to elaborate?

you have donkey brains

>Today I've decided I've had enough and I'm going back to Debian. Is it a good decision?
No, they're both shit.

OK. I probably wrote some shit in there. Anyway, it's the case that signature checking depends on the entity who gets the sources and that's usually the maintainer and there's nothing enforcing him to do it and I believe most don't because it's tedious (did they personally retrieve the public key of all upstreams they package?). And sometimes they can't.
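
The dependency argued over in the posts above, as an added example that is not part of any post in the thread: the user's signature check only covers what the maintainer built, so a source altered before the build still verifies unless the build recipe pins a digest. HMAC stands in for the archive signature, and every key, byte string and function name here is constructed for illustration.

```python
import hashlib
import hmac

# HMAC stands in for the archive's asymmetric signature so the example
# runs on the standard library alone. All values below are constructed.
REPO_KEY = b"constructed-repo-signing-key"
UPSTREAM_TARBALL = b"upstream release 1.2 (constructed sample bytes)"
TAMPERED_TARBALL = b"upstream release 1.2 (modified in transit)"
# Digest the maintainer recorded when the release was first reviewed.
PINNED_SHA256 = hashlib.sha256(UPSTREAM_TARBALL).hexdigest()

def sign(data):
    return hmac.new(REPO_KEY, data, hashlib.sha256).hexdigest()

def maintainer_build(fetched, pinned_sha256=None):
    """Build and sign a package from whatever the source fetch returned.
    With a pinned digest, a fetch that does not match is refused."""
    if pinned_sha256 is not None:
        actual = hashlib.sha256(fetched).hexdigest()
        if not hmac.compare_digest(actual, pinned_sha256):
            raise ValueError("source digest mismatch, refusing to build")
    package = b"PKG:" + fetched  # "building" just wraps the source here
    return package, sign(package)

def user_verify(package, signature):
    """What the end user checks after a plaintext package download."""
    return hmac.compare_digest(sign(package), signature)

def run_scenarios():
    results = {}
    # 1. Package altered between mirror and user: the signature catches it.
    pkg, sig = maintainer_build(UPSTREAM_TARBALL, PINNED_SHA256)
    results["mirror_tamper_detected"] = not user_verify(pkg + b"!", sig)
    # 2. Source altered before the build, no pin: signature is still valid.
    pkg, sig = maintainer_build(TAMPERED_TARBALL)
    results["unpinned_tamper_passes_user_check"] = user_verify(pkg, sig)
    # 3. Same altered source, digest pinned in the recipe: build is refused.
    try:
        maintainer_build(TAMPERED_TARBALL, PINNED_SHA256)
        results["pinned_build_refused"] = False
    except ValueError:
        results["pinned_build_refused"] = True
    return results

if __name__ == "__main__":
    print(run_scenarios())
```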

Congrats, you don't have the slightest clue about what you're talking about.

Debian currently ships with 3.xx. Skylake and newer gfx cards run like shit. They had to iceweasel just because of an icon. No wonder Ian an hero'd.

Arch is nice.

When I say Debian I'm always talking about testing. Testing has 4.6 now. That's much better than Fedora where you have 4.5 and you'll have to wait half a year for a new version to get 4.6.

Fair enough. I was using stable until about a month ago (Wheezy? I forget). Didn't really get on with it. Been a fucking pain in the ass with Tails though, Gnome3 is bad enough but with the older kernel and computers that have newer gfx cards...