Knowledge Base

This is my reply to Stonewall on his post titled Re-evaluating RHEL from 2023-06-25. This started as an email but got too long to be an email message.

I appreciate your write-up. I chose AlmaLinux for when I built my first and still only EL8-level host. I suppose the whole point should be that AlmaLinux is identical to Rocky Linux. I was classically trained in the selinux and (systemd) frameworks, and I miss the "good old days." RPM makes sense to me, although dpkg isn't so bad either.

I too depend on FreeIPA and I second your observations about FreeIPA server on non-EL OSes. I think the Debian FreeIPA maintainer switches off the server bits during rebuilds intermittently because the software just doesn't get enough attention on non-RHEL systems. I would never try to run a freeipa server on anything other than a RHEL-like system. At the time I was switching to Devuan GNU/Linux for desktop usage, and even some servers now, I learned that FreeIPA client was available only in the unstable release. By now, it's in the first stable release. In my experience, the freeipa client components are entirely stable and usable on Devuan Ceres, well, after the package I maintain in Devuan for this: systemctl-service-shim, and my various scripts of course. I should do a writeup of my current Devuan ipa-client-install process.

With the recently announced change that RHEL free developer licenses are increased to 240, do you think that will satisfy your server needs? I still wouldn't do it, because of the licensing required.

Let me pontificate for a minute on my ideal distro of GNU/Linux:

• Dnf with dpkg as currently provided with versioning conventions and package building processes. The only layer of Devuan's packaging that could be objectively improved with EL technology is the network package manager itself. Dnf transactions (and display output) are more palatable to me than the sprawling and inconsistent output of apt. The dpkg naming conventions as they relate to major package versions are really nice: gcc-9 and gcc-11 are both available at the same time! I'm also used to debuild which has its quirks, but is still useful and easy enough that I don't miss rpmbuild that much.
• SELinux. AppArmor just feels... insufficient. I've seen SELinux cranked way up, and cranked way down, and disabled.
• Systemd not mandatory. Ideally support for sysvinit. Ironically I like systemd as a service manager, but it's a shame it won't stay in its corner.

Because multiple of these desires are entirely imaginary, I use both a mixture of RHEL-like (CentOS 7, AlmaLinux 8) and Debian-like (Devuan Ceres) for my real network.

p.s. It sounds like you read a lot of the same technical content on the Internet that I do! You have extremely good taste, my friend!