With all due respect, having worked in a corporate environment for the last ten years I can say that these things are probably not things that corporations emphasize.<br><br>In regards to uniquely compiled binaries - this would make auditing and testing a nightmare. If you have 100 identical webservers, having 100 different Apache binaries is a terrible idea. You want to have a test environment where you test ONE binary and deploy that ONE binary across the entire platform. You can then guarantee that that tested binary will work properly and is secure.<br>
<br>As far as branding goes, unless the product a company is selling is an operating system, using Linux From Scratch to have a "branded" OS doesn't seem very useful. After all, if ZapperTed's wants a snazzy corporate themed desktop they can always just modify SLES, RHEL, or Ubuntu to use the corp's logo as a wallpaper and have fancy icons and such. But to be perfectly honest the most that any company really does is put a corp wallpaper on a desktop, and you can do that with any distribution.<br>
<br>The StackGuard thing is a good point, though, but I feel that given the nature of most corporate environments where you can have systems as old as 10 years still in use most security efforts rely on securing the network, not the systems. Yes, system security is important, but there are usually many systems that can't be upgraded and thus the #1 emphasis is the firewall and access security.<br>
<br>Here is a short (and undoubtely incomplete) set of things that corporations desire:<br><br>1) Vendor support<br>2) 3rd Party support<br>3) Stability<br>
4) Length of support (EOL)<br>5) Scalability<br>6) Security<br>7) Compatibility<br><br>The only two distributions that really fit this bill right now are Red Hat Enterprise Linux and SuSE Linux Enterprise Server. My opinion is that of these two, RHEL is the better product.<br>
<br>Wearing my Linux advocacy hat, I'd recommend NOT doing business with Novell (SuSE) since they sold out to Microsoft. I'd also not recommend using CentOS, as they're undercutting Red Hat's business model and I think that's really uncool (sure it's legal, but it's not moral). I think most businesses serious about their IT but interested in saving money should use Fedora for the clients, RHEL for the server. Best of both worlds.<br>
<br>As far as security goes, I'd argue that RHEL and Fedora can probably be made more secure than any other distribution because of the fact that they were the first to support SELinux. SuSE does not. Ubuntu does, but to be honest given how recent their support of it is, I wouldn't want to use an Enforcing mode SELinux on Ubuntu yet, as it takes quite a long time to get the kinks worked out.<br>
<br>Michael, in case you don't know what Security Enhanced Linux is, it's a set of kernel-level high security modules developed by the NSA. In my opinion it's absolutely essential for core network servers.<br>
<br>SELinux can be very confusing to even experienced Unix admins on first using it, but once you get the hang of it it's actually really slick. All of Red Hat's training teaches how to provide services that are secured via TCP wrappers, ipchains, and SELinux. Their training is excellent - best I've ever been through, hands down (I've taken SGI and Sun training as well as internal Sprint training).<br>
<br>Again, if you're new to Linux and your business is thinking of using Linux, I can't recommend Red Hat enough. When I was on the Sprint Linux Evaluation team four years ago they were the stand-out vendor (with the notable exception of the IBM mainframe world, where SuSE had an edge).<br>
<br>In terms of support contracts, many companies offer authorized RHEL support. I'd recommend looking at getting support from Red Hat directly, however, as my company has had some mediocre experiences with getting RHEL support from HP. IBM may be better, as they're very well known for their professional services and support, but you can't go wrong with getting support directly from Red Hat. <br>
<br>Let me know if you have any more questions. I work for Sprint on extremely mission critical systems, and we're got a project to move my platform from SGI IRIX on Origin hardware to RHEL on HP Integrity systems in 2010. My systems alone do about $12 billion a year in business, so if your management has any concerns about the ability of Linux to do "real work", you can take it from me that yes, it can. :)<br>
<br>Good luck Michael.<br>Jeffrey.<br><br><div class="gmail_quote">On Sun, Nov 2, 2008 at 10:40 AM, David Nicol <span dir="ltr"><<a href="mailto:davidnicol@gmail.com">davidnicol@gmail.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="border-left: 1px solid rgb(204, 204, 204); margin: 0pt 0pt 0pt 0.8ex; padding-left: 1ex;">
<br>The things a corporate environment could use that gentoo offers are:<br>
<br>
centralization of configuration management (although this is also<br>
offered by others)<br>
more secure because not using widely distributed binaries;<br>
possible to enforce that<br>
all systems corp-wide are compiled using<br>
[<a href="http://en.wikipedia.org/wiki/Stack-smashing_protection" target="_blank">http://en.wikipedia.org/wiki/Stack-smashing_protection</a> StackGuard or<br>
similar]<br>
<br>
If you want full control, though, "Linux From Scratch" recipes may<br>
be better. Gentoo offers a LFS-like situation where a lot of the<br>
groundwork is already done, and everything can get branded OurCorp<br>
instead of Fedora.<br>
<div><div></div><br></div></blockquote></div><br>-- <br><br>"He that would make his own liberty secure must guard even his enemy from oppression; for if he violates this duty he establishes a precedent that will reach to himself." -- Thomas Paine<br>