Is it better to install server applications from an official distribution, or should I download and install (and manage) my own version?

linux debian service

I've often seen system administrators download and install server applications, including "stock" applications such as Apache, under a dedicated /srv or /opt directory instead of installing them from the official repository, e.g. apt-get install xxx.

Is it really a bad idea to install and run a webserver, or an email server, or even less common services such as Zope from the distribution's official packages?


Not a bad idea at all. IMHO, the opposite is true: You need a good reason why the official packages are not sufficient.

Some problems:

  • With enterprise distributions (RHEL, SLES) you'll lose support.
  • You are responsible for tracking security fixes. Normally, this is done by the security teams of the distribution.
  • It takes time, sometimes a lot, to get it running.

Of course, when you need a specific feature of a new version or just a very specific configuration, doing your own thing is a valid approach, but it will have drawbacks.


Is it really a bad idea to install and run a webserver, or an email server, or even less common services such as Zope from the distribution's official packages?

Depends on what you are trying to achieve.

The major distributions are usually relatively quick in pushing out critical security patches and usually come with a tool for identifying them and notifying you - you don't get that when you install from a tarball.

OTOH they are slower about making non-critical updates available, don't want to complicate their support process with multiple versions of software, and (for commercial suppliers) do want you to buy a new version when it comes along. Sometimes the functionality isn't avaialble at all - e.g. php sqlite support in RHEL.

Compiling from scratch means (if you know what you are doing) you can build a binary which is optimized for your hardware. You do need to ensure that you don't end up with dependencies from the distributor supplied software on the software you maintian yourself - otherwise you'll be condemned to dependency hell!

So there are benefits in installing from the developer rather than distributor - but you need to plan time and processes for keeping the system secure. Certainly you should have a very good reason for doing so.

C.

Related

How to setup Memcached/APC on Ubuntu Server 10.04 for PHP?
Wordpress: Problem installing on dedicated windows server 2008/IIS7
Is SAFE new terminology that is replacing RAID? [closed]
How to retrieve a variable's name in python at runtime?
What does operator "dot" (.) mean?
INFO: No Spring WebApplicationInitializer types detected on classpath
struggling with integers (maximum integer size)
How can I add an item to a ListBox in C# and WinForms?
html table cell width for different rows [duplicate]
Get the scale value of an element?
How can I tell if the screen is on in android?
Local variable log defined in an enclosing scope must be final or effectively final