I have used Fedora for hosting servers many times and have never faced any problem. Still, new users keep telling me that Fedora is not secure and that we should use Ubuntu / CentOS or some other distribution, but not Fedora. I have never understood what the problem with Fedora is. What makes other distributions more secure?

A few points:

  1. Fedora comes with iptables configured to allow only SSH. Plus we can always configure iptables to even block SSH if we want to. So there is no shortcoming on the firewall.

  2. Fedora releases updates regularly (both security and general patches).

  3. People say distro X releases a new version once in 5 years and Fedora once in 6 months. How does releasing once in 5 years make things secure? If you feel 5-year-old things are secure, install a five-year-old OS or don't upgrade for 5 years even if a new version comes. Personally I feel not giving a new version for 5 years does not add to security. You would have to release patches for 5 years as and when bugs get detected. So using a very old OS just means more patches. If we use a recently released version then we have to apply fewer updates / patches. How releasing once in 5 years makes things secure I have never understood.

  4. All OSes use similar packages like Gnome, Open-Office, KDE, Open-SSH, Apache. Do other distribution developers spend time reading the source code of these packages and correcting security errors, if any? Even if they do, won't they publish those flaws, and all other distributions would release patches for them, including Fedora? Or would they secure their own distributions and not bother to notify others? This is all assuming they do read all the millions of lines of code of packages as big as apache, gcc, Open-Office. If these things are the same in every distribution, what makes Fedora more vulnerable?

  5. Fedora comes with SELinux preinstalled and nicely configured.

  6. Bind runs in chroot by default in Fedora. Now with Fedora 11, DNSSEC support is also present by default. See the question DNS Server on Fedora 11, where someone pointed out that Fedora is not good for hosting DNS. I do not know why.

In fact one of the new admins installed CentOS 5.3 on one of the test machines. I used it to ping one IP which was not there. I got ping replies. I was astonished since it was not possible. I tried to find out the location from where the replies were coming but failed. In the end, after trying for more than an hour, I removed the network cable from the CentOS machine. I was still able to ping the IP. Then I tried to ping the IP address of the machine. I could ping that too. So I was able to ping two IPs (not others, I tried them too) when the machine was configured with one IP and no aliases (eth0:1, etc.) were present. I checked the ifconfig output too. I lost complete trust in so-called server distributions and installed Fedora 11 on all test machines. Now I do not face such strange problems for things as basic as ping.

I would really appreciate it if I could get real-life examples which indicate Fedora is insecure and where, had it been any other distribution, things would have been fine. Do not give examples where the admin made mistakes. We can't blame a distribution for that. Also do not give very old Fedora 1, 2 or Fedora 3 examples. The Fedora project is very mature now, especially the last two versions, 10 and 11. If you have faced security issues which are particular to only them, please share your experiences.

  • I'm having trouble following the ping discussion. Where were you pinging from? What specific IP were you pinging? You should be able to ping the host from its console. If you could ping the host from elsewhere with its network cable detached, the problem is NOT the detached host. – kmarsh Jul 14 '09 at 12:21
  • I was able to ping two different IPs from the host when the host was not connected to the network. I tried using Ctrl+C and started ping again; I was still able to ping from the host, which was not connected to any network, to two different IPs. I tried pinging both IPs in parallel in two different terminals and I was able to ping both IPs. But it worked only for two IPs. I tried a few other IPs but they were not pinging, as expected. There was no strange firewall configuration on the host which could have caused this. – Saurabh Barjatiya Jul 14 '09 at 12:38

I thought I didn't have anything to add to this, but after having run Fedora in production for nearly two years - for my very important Zabbix monitoring system! - it seems I do have a couple of things to say.

First, it was not my first choice. Typically for anything even vaguely important I will choose CentOS/RHEL for the long-term stability benefits that these distributions provide. However, for this particular deployment I absolutely required features in Zabbix 2.0, while the EPEL repo only provided 1.8. (EPEL now has Zabbix 2.0 and 2.2 packages in addition to 1.8, though it did not at the time. If it had, I would never have tried this.)

So the tradeoff here is: Fedora has the latest software, but its releases are on a very short 13-month lifecycle, with new releases made about every six months. This means I had to plan for a maintenance window to upgrade Fedora twice a year, in addition to the usual periodic installation of updates.

For a monitoring system which is supposed to be keeping track of everything else, it's vital that such maintenance periods be as infrequent and as short as possible. With the requirement to upgrade so frequently, this would usually rule out such a distribution, but remember that I had more pressing concerns; it would be useless without the features I needed. So this is a tradeoff I made with (nearly) full knowledge of the consequences.

Not long ago, I did the Fedora 18-19 upgrade on this server, using Fedora's new fedup upgrade tool. I planned for a two-hour outage, with another two hours to possibly deal with any of the monitored services that might have died and that fact missed since Zabbix was down.

The actual service downtime was 11 minutes. That's from the time Zabbix stopped before reboot to the time it was back up and monitoring services after the completed upgrade. I did not realize that the downtime would be so short! I was expecting much more trouble, even though I know from experience that significant upgrade problems are uncommon with Fedora. (And it's been improved further: When I did the Fedora 19-20 upgrade, the complete downtime was an amazing six minutes. The same time for 20-21.)

This service will almost certainly be moved onto RHEL 7 when it becomes available. After this experience I'm much more confident in Fedora as a server and now intend to keep it, even with a major upgrade every six months. Moving off to RHEL would be much more disruptive, and might limit me in the future, because of the following:

It's unfortunate that Red Hat has such a long time between major releases; a similar delay between EL5 and EL6 led me to actually put an Ubuntu installation into production, something I am still kicking myself over to this day. (For that system, I considered Fedora, but strangely it did not have the software I needed packaged at all at the time, despite an older version being in EPEL.)

One "problem" no one mentioned about running Fedora is that you will see many new things, both large software projects and tiny enhancements, well in advance of their inclusion in RHEL. So when you go to manage your RHEL/CentOS systems you will miss them. For example, Fedora has a large number of bash completions which aren't yet in RHEL by default; one notable one is tab completion for package names in the yum command line.

So, it's certainly possible to use Fedora in production, so long as you can accept the tradeoffs:

  • There are no support contracts. You must have in-house expertise sufficient to manage the server and its services and deal with any issues that may arise; only community support is available, and there are no guarantees there. RHEL experience helps, as they are quite similar.
  • You must have a maintenance window to upgrade at least annually. Though every six months is better; if you upgrade annually you will have to upgrade two releases at once, which doubles the number of potential issues you will have to deal with at 3 am.
  • Updates may bring new versions of software, which you will have to deal with; however these will be point releases and not major versions. In rare cases significant new functionality might be added (e.g. BZ#319901). Typically, though, software remains on the same version number throughout the life of the release, with fixes backported; only some packages (such as PHP) track upstream point releases.
  • While there's no significant difference in the pace of security updates, they may not always be isolated from bugfix updates (again, such as PHP). Whether this is a problem depends on the service you are planning to run.

All things considered, Fedora is still not my first choice for a server platform, and probably never will be. (Though I've been a happy Fedora desktop user for its entire existence.) In the case where you absolutely need more current versions of software not available in a more "enterprisey" distribution, and you can accept the tradeoffs, then there is nothing wrong with using Fedora.

Finally, since you asked specifically about security, a few words on that.

As previously noted, there's no real difference in the pace of security updates between Fedora and any other distribution. Fedora packagers make special efforts to stay close to upstream and get these sorts of updates out as quickly as possible, sometimes even before the upstream project does.

Like its enterprisey big brother, Fedora also ships with a fairly locked down security configuration: services (except ssh) ship off by default; the default-deny firewall is enabled by default for both IPv4 and IPv6; SELinux is enforcing by default. In addition, Fedora is hardened in a number of other ways.

On the other hand, you get to see new security technology very early; one example is the recent introduction of FirewallD, which still isn't quite ready for prime time, though switching back to the previous firewall is easy.

There's nothing that dictates that Fedora is unsuited for use on servers, nor is there anything that dictates that "server distros" is the only choice for servers. It depends on your particular needs.

What you may gain from using the "server distros" is:

  • long term support
  • stable APIs (little to no version upgrades of libraries and applications)
  • backported security fixes and bugfixes
  • paid support

My main "complaint" about the server distros is that software/libraries tend to be somewhat old, and the range of supported packages is much smaller than in community-driven efforts.

I.e. the long-term support and the non-changing APIs are something that commercial software vendors love; they won't have to rebuild their application for the newest libraries because the API suddenly changed. They can develop for Vendor Y Release X and know that this platform will be around for several years to come.

  • I realise that my answer may be somewhat "off topic" in regard to the actual content of your question, so look at it more as an answer to the title/topic of your question. Anyway, discussing security merits of various distros is borderline pointless, they all provide quite adequate security, and you will probably be able to "harden" your way out of perceived vendor insecurities. If security is your primary concern, I'd suggest looking at something like OpenBSD which has security as their main focus. – Kjetil Joergensen Jul 14 '09 at 14:57

It's more about stability and rate of change than security, per se. Fedora is a platform for Red Hat to roll out new features and applications to validate their relevance, provide a platform to experiment, and work out integration issues.

That is usually not what you want a server to do -- you generally want a server to perform a function in the most stable way possible.

Depending on what you are doing, Fedora may be just fine. If you're developing Linux desktop apps, working with the bleeding edge may be desirable. Likewise, if you're working on a semester-long school project or some other limited duration project where the high tempo of changes isn't a concern, Fedora is fine as well.

  • If some Fedora server is working fine and I do not upgrade it, even though new Fedora versions are released, will it make Fedora stable too? After all, it is not mandatory to upgrade to the latest release version of the OS, and if I do not upgrade, things will continue to work without any problem. So we can use Fedora for servers, if we do not try to keep upgrading to the latest Fedora versions. Do you agree? – Saurabh Barjatiya Jul 14 '09 at 12:24
  • But what about security updates? You will do those, right? – Josh Brower Jul 14 '09 at 12:34
  • Yes, but I have never faced problems after package update. Security updates have never affected working of servers for me. Old config files are not replaced so things work well even after updates without any problem. – Saurabh Barjatiya Jul 14 '09 at 12:53
  • It depends on what you are doing. For example: if you are running a mission-critical application that makes use of a database, you might not want to keep updating major versions of your database and risk incompatibility with your application code. – Guy C Jul 14 '09 at 12:58
  • Not talking about mission-critical applications here. That would require too much safety and knowledge. Average servers where, if for some unfortunate reason there is downtime, there is not too much loss. Especially no loss of life / complete purpose of server. – Saurabh Barjatiya Jul 14 '09 at 13:04
  • I guess it depends on you. I would be worried about security problems with some obscure package that is included in the base install or a rapid pace of change in packages that I depend on. RHEL/CentOS backports security fixes into older package versions so you don't need to re-test things. Fedora will just provide the latest version of a package. – duffbeer703 Jul 14 '09 at 14:24

The key point that keeps me from using Fedora for a server and preferring Debian, Ubuntu or CentOS instead is the stability and length of support. When you're running a server you want stability, security and longevity. Yes, almost every distro is packaging the same software so it doesn't matter there. It's a matter of what is tested, has security updates and is supported.

Fedora's release schedule of every 6 months is nice if you want bleeding edge but when talking about a server bleeding edge is not always a good thing. Add on top of that the fact Fedora only supports the last three versions that means you're looking at an unsupported OS in 18 months and having to upgrade. If you've ever done a Fedora upgrade they are usually bad and it's easier to do a clean install which on a desktop/laptop might not be so bad but for a server that means downtime and is unacceptable to most system administrators.

CentOS by far has the longest support cycle and during that time it is supported and security patches and updates are released so it's not the same release the entire time. The advantage of this is that you're not spending all your time preparing for the next upgrade. You have a stable server with stable tested software running on it.

Debian has a release schedule that is longer than Fedora's but shorter than CentOS's, but it is always up on security updates. The other advantage of Debian is a clean upgrade path. Debian releases are tested for both clean install and live upgrades and not actually released until it is able to be done successfully without problems. This attention to detail and willingness to push back a release date to clear more package bugs is one of its strongest pros. The DEB package structure itself is also engineered to make upgrading very smooth and maintain your configurations. The only thing it's lacking really is commercial support, in which case you can look to Ubuntu, which takes its packages from Debian just like CentOS takes much of its packaging from RHEL.

Edit: Added bold text to draw attention to fact that was obviously missed that I do not consider Fedora stable enough for a server platform.

  • I would have to agree with you on the 18 months point and that only the last three versions are supported. I have also always performed a clean install and never upgraded, so no experience of upgrades either. But I do manage a few CentOS servers. I hate using vim in CentOS, and when I press Tab it tries some autocomplete which is irritating. Also, when I had to install tools like awstats / denyhosts I could not find them in the default CentOS repositories. I had to install them from source. In fact I had tried the rpm of awstats that I got from its website and it failed to work. So I had to install it from source at last. – Saurabh Barjatiya Jul 14 '09 at 13:56
  • So Fedora saves from trouble in these cases, as awstats comes with the default packages and denyhosts can be installed using yum without any problem with the default repos. Luckily, in my use cases the 18-month reinstallation had not proved to be so much of a problem. In fact it helps in cleaning up configuration lines no longer needed. But I guess for big/famous website servers, ISP servers, etc. 18 months is too soon. Thanks for the reply. – Saurabh Barjatiya Jul 14 '09 at 14:05
  • It's not even 18 months. Support for release n is generally stopped one month after the n+2 is released. So, that has you upgrading every 12 months, and that's starting installing the new fedora as soon as it comes out. If you want to leave each fedora release to stabilise for 2/3 months before installing on your servers, then you're looking at a reinstall every 6 months. – theotherreceive Jul 14 '09 at 14:22
  • For anything that's not in the CentOS-Base, CentOS-Plus or CentOS-Extra repos you can always look at the EPEL repository for high quality tested RPM packages... AWstats is available there: * epel: mirrors.tummy.com Available Packages Name : awstats Arch : noarch Version : 6.7 Release : 5.el5 Size : 1.1 M Repo : epel Summary : Advanced Web Statistics URL : http://awstats.sourceforge.net License : GPLv2 – Jeremy Bouse Jul 14 '09 at 14:32
  • If your problem with CentOS is the way vim behaves I suggest you just modify the vim configuration. Installing 1 or 2 apps from source and modifying your vim configuration can be scripted and just added as a post install task to run when building a new server. – sclarson Jul 14 '09 at 14:38
  • I agree on smaller reinstall cycles. Thanks for the info on repositories. The point with the vim example was that it is easy to use Fedora in general. I use the space bar on CentOS servers now. Lazy in finding a solution for the tab problem. – Saurabh Barjatiya Jul 14 '09 at 14:55
  • Even with a new release every six months and waiting 2-3 months for stabilization, we get 9-10 months between reinstalls and not 6. Don't reduce the time even more when it is already less, especially as it seems to be the only credible disadvantage of using Fedora for servers so far. – Saurabh Barjatiya Jul 14 '09 at 15:49
  • Fedora and stability in the same sentence? That doesn't look right. – Milan Babuškov Jul 14 '09 at 16:15
  • Well I only ran Fedora long enough to go through one miserable upgrade experience on my laptop. My existing laptop and desktop run Ubuntu while every server I maintain is either Debian, CentOS or RHEL. – Jeremy Bouse Jul 14 '09 at 16:43
  • Milan, I'm assuming you're the one that voted me down... Obviously you mis-read my comment... No where did I refer to Fedora with stability... – Jeremy Bouse Jul 14 '09 at 16:52
  • Fedora upgrades are much, much smoother now. Going from F18-F19 with fedup, service interruption was only 11 minutes. I'm using it in a couple of isolated places where "bleeding edge" - or at least much newer than what RHEL provides - is a requirement. – Michael Hampton Aug 30 '13 at 15:15

My biggest argument would be:

Servers are not its primary intended audience

Likewise, I would not recommend using Ubuntu for a server environment, and many would disagree with me, but that's simply not the primary target.

Software that is targeted at home users and desktops tends to be lacking in the departments that are server-oriented, just like things that are targeted at the server don't work as well for home users.

Additionally, platforms targeted at home users tend to attract more home users, thus, the bugs that are discovered, reported, and fixed, will be prioritized due to that effect.

Likewise, platforms targeted at server use will tend to attract server use, and thus bugs related to server use will be more likely to have been found and solved by the time you get to them.

( I have at least one friend who has professional experience with Ubuntu in production environments and says he was entirely horrified by it, and would much prefer CentOS for production servers because. )


Fedora comes with SELinux preinstalled and nicely configured.

It's important to note that SELinux does not imply security.

From the NSA's own seLinux website:

Security-enhanced Linux is only intended to demonstrate mandatory controls in a modern operating system like Linux and thus is very unlikely by itself to meet any interesting definition of secure system.

  • All distributions will use similar servers like apache, open-SSH, vsftpd, sendmail, postfix, etc. If bugs are discovered and fixed it will affect all distributions. We won't have a very good stable apache for one distribution and a buggy apache for others. This is assuming apache developers develop and improve apache and distributions just use the same thing with minor changes in path, etc. – Saurabh Barjatiya Jul 14 '09 at 12:28
  • OK. Maybe SELinux does not add to security. It won't reduce it either. So is Fedora as good as other distributions then? – Saurabh Barjatiya Jul 14 '09 at 12:47
  • It doesn't matter about the individual software, what matters is how quickly $OS can package the fix and get it to you, and if nobody is using that software on your platform, the likelihood of getting the fix is less. This is more so for weird stuff desktops never use like network block devices etc. Also, apache on fedora != apache on ubuntu, they both have vendor specific patch sets, and even have different directory layouts! – Kent Fredric Jul 14 '09 at 13:53
  • All distributions use the same software, but not at the same version. Fedora will give you the latest version of everything, where new features are being introduced and tested while other distributions often give you older versions that have been tested for longer. It's not an accident, fedora aims to do this. You should at least accept and prepare to deal with that fact if you plan to run it in production – theotherreceive Jul 14 '09 at 14:27
  • I am not a sysadmin, but one of our sysadmins once disabled SELinux for Apache just because some PHP script needed to create a folder. This failed, and Red Hat stated: *"The security goal is to make sure that Apache HTTP is only reading the static Web content, and not doing anything else such as writing to the content, connecting to database sockets, reading user home directories, etc"* **What I am trying to say** is: if one doesn't understand SELinux, then it might in fact *decrease* security if people just disable it altogether, while other security measures are not in place? – Arjan Jul 14 '09 at 14:34
  • Disabling SELinux when other measures like correct permissions and owners for files / directories are not there is more of a sysadmin mistake. Can't blame Fedora for that. But yes, SELinux is damn hard to use / learn. I have seen people disable SELinux just after installation in many cases. – Saurabh Barjatiya Jul 14 '09 at 14:57
  • The text about SELinux here may be misleading. SELinux is certainly not useful "by itself" but no distribution actually ships SELinux "by itself"! Rather they ship the [reference policy](http://oss.tresys.com/projects/refpolicy) and distribution-specific modifications to it. The security policy is what makes SELinux useful. – Michael Hampton Jun 24 '13 at 21:26
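
The case raised in the comments above (SELinux switched off because a PHP script under Apache could not create a folder) can be triaged from the denial record itself and fixed with a narrow relabel. The script below is an added example, not part of the thread; the AVC line is constructed sample input, and the function names and the `/var/www/html/uploads` path are assumptions.

```shell
#!/usr/bin/env bash
# Added example: triage an SELinux AVC denial for Apache instead of
# disabling SELinux. The log line is constructed, not from a real host.

SAMPLE_AVC='type=AVC msg=audit(1247582040.123:456): avc:  denied  { create } for  pid=2345 comm="httpd" name="uploads" scontext=system_u:system_r:httpd_t:s0 tcontext=system_u:object_r:httpd_sys_content_t:s0 tclass=dir'

# Print the value of one key=value field of an AVC line, quotes stripped.
avc_field() {
    # $1 = log line, $2 = key (comm, scontext, tcontext, tclass, ...)
    printf '%s\n' "$1" | tr ' ' '\n' | sed -n "s/^$2=//p" | tr -d '"' | head -n 1
}

# Print the denied permissions listed between "{" and "}".
avc_perms() {
    printf '%s\n' "$1" | sed -n 's/.*denied *{ *\([^}]*[^ }]\) *}.*/\1/p'
}

# Print the type (third colon-separated field) of a security context.
ctx_type() {
    printf '%s\n' "$1" | cut -d: -f3
}

# Print the mode configured in an SELinux config file:
# enforcing, permissive, disabled, or "unknown" if missing or malformed.
selinux_config_mode() {
    cfg_file=${1:-/etc/selinux/config}
    [ -r "$cfg_file" ] || { echo unknown; return 0; }
    # Comment lines and SELINUXTYPE= do not match this anchored pattern.
    cfg_mode=$(sed -n 's/^[[:space:]]*SELINUX=[[:space:]]*\([a-z]*\).*/\1/p' "$cfg_file" | tail -n 1)
    case "$cfg_mode" in
        enforcing|permissive|disabled) echo "$cfg_mode" ;;
        *) echo unknown ;;
    esac
}

# Recommend a narrowly scoped action for one denial.
triage_avc() {
    t_comm=$(avc_field "$1" comm)
    t_class=$(avc_field "$1" tclass)
    t_src=$(ctx_type "$(avc_field "$1" scontext)")
    t_tgt=$(ctx_type "$(avc_field "$1" tcontext)")
    t_perms=$(avc_perms "$1")
    case "$t_src:$t_tgt" in
        httpd_t:httpd_sys_content_t)
            # httpd_sys_content_t is the read-only web content label.
            # Only the directory that must be writable gets the rw type,
            # e.g. (hypothetical path):
            #   semanage fcontext -a -t httpd_sys_rw_content_t '/var/www/html/uploads(/.*)?'
            #   restorecon -Rv /var/www/html/uploads
            echo "relabel: $t_comm denied {$t_perms} on $t_class; label only the writable directory httpd_sys_rw_content_t"
            ;;
        *)
            echo "review: $t_comm ($t_src) denied {$t_perms} on $t_class ($t_tgt); inspect policy before changing anything"
            ;;
    esac
}

# Stand-alone run: report the configured mode and triage the sample denial.
echo "configured mode: $(selinux_config_mode)"
triage_avc "$SAMPLE_AVC"
```

On a live system the denial lines come from the audit log, and `selinux_config_mode` flags hosts where someone has already set `SELINUX=disabled` or `permissive`.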

No Support.

Fedora does not have tech support contracts like Red Hat enterprise. There is no one to call if you have a show-stopping issue.

  • We have to pay for those tech support contracts. So it is kind of a trade-off between cost and support. Plus it does not make Fedora insecure. It just means you are on your own. Things have worked well so far without support. I am hoping it will stay the same. Web search, man pages and documentation help a lot. Now we have sites like serverfault for help. Definitely, if one can afford it then there might be a sense of safety with enterprise editions, in that we can call for help in case of problems. – Saurabh Barjatiya Jul 14 '09 at 12:45

I'm a big fedora fan, I think it's wonderful, and I run it on all my desktops/laptops, but I wouldn't run it on any of my servers.

  • Fedora aims to be closer to the 'bleeding edge'. This means you will get newer software that has spent less time being tested. Since no release comes out at the exact same time it's hard to get exact numbers on this, but I feel that ubuntu is often one release behind on new features, while debian/centos/redhat are much further behind.

  • It's my impression that because of this there are more updates on fedora , but again I don't have any numbers to back this up.

What really swings it though is the lack of the LTS model that ubuntu has. You can install an ubuntu LTS a few months after it's been released and know that it's had plenty of time to sort out any major issues and settle down somewhat.

After that you know you have a minimum 4 years of further support and upgrades before you have to upgrade your server. I could live with any of the other potential issues with running fedora, but not with having to move release on each box a minimum of once per year (probably twice though).

Edit: Found some numbers...

Fedora 11 comes with openssh server version 5.2. When it's released ubuntu karmic will only have version 5.1, the same version that debian lenny has. The centos website is too crap for me to be able to find a version, but afaik they're on 4.x

It's not that fedora is insecure. It's that it ships with bleeding edge packages, and that it refreshes very quickly, so you have to go through upgrades every year or so to keep getting security updates. That's a big deal if you've got any non-trivial number of servers, especially given that the fedora update process (iirc) requires downtime.

  • If some new vulnerability is discovered, all distributions would be vulnerable and we would have to apply security patches. I did not understand the downtime part of the Fedora update process. I update systems without any problem without rebooting. Only kernel updates require rebooting but that is understandable. – Saurabh Barjatiya Jul 14 '09 at 12:20
  • Nope, no downtime here ... except the once in a long while kernel upgrade. Then again, all of us Linux folk eventually reboot the ol' box for a kernel upgrade, so it's fair – bobby Jul 14 '09 at 12:21
  • The point is that after some point, Fedora abandons the distribution as "too old" and you don't get any more security updates for it. At that point you are looking at either a rev-to-rev update (which I've never had go well) or a rebuild. If you have lots of computers to deal with, then stability, plus the knowledge that security updates will come for several years, is good. – David Mackintosh Jul 14 '09 at 14:36
  • David's said it far better than I could here. – Cian Jul 14 '09 at 18:06

The use of Fedora on a server versus something like CentOS, Debian, Ubuntu, Gentoo, Slackware, SLES, etc really comes down to the right tool for the job.

The main complaint you will find from server admins about Fedora on the server is the upgrade cycle every 6 months to a year (depending on whether you always want to be on the latest or skip every other release). As you pointed out, Fedora installs "secure by default" configurations and provides a lot of tools for maintaining a secure system. Especially on a server, the preupgrade tool will handle migrations between different Fedora releases just fine which mitigates that concern somewhat.

If you want a longer release cycle, then something like CentOS (which is essentially the free version of Red Hat Enterprise Linux) may be easier on your workload.

To summarize, I think you're just fine with Fedora if you're happy with it. I've never seen any evidence to indicate that Debian, Ubuntu, or CentOS are particularly more secure than Fedora.

Any operating system can be made secure. Two points about Fedora as a server. One, every time you upgrade a software version you are running the risk of introducing new bugs and security problems not present in the prior version. This is why companies will want to wait a year after software comes out before installing it, so a lot of the bugs and security issues can be fixed. You don't want to switch to new versions every time one comes out due to the migration headaches and new security issues involved. Second, Fedora doesn't have the ability to get corporate support like RedHat or Ubuntu.

  • It can be seen as a problem too. Not using latest versions means we are exposed to well known exploits. Quoting from on DNS and BIND, that I was reading yesterday as it is - "Subscribe to one of the advisory services provided by SANS (www.sans.org) or CERT (www.cert.org), as well as many others, and take action on BIND and related technology alerts. Depending on the severity of the alert, this can demand an immediate upgrade followed by a quick test before fast system-wide replacement. Better in this case to risk a new problem than a known exploit." – Saurabh Barjatiya Jul 14 '09 at 12:33
  • If you have a server OS supported by a large company they will backport any security fixes they need to if the affected version of the software is still part of a version of their OS that they offer support for. – Jared Jul 14 '09 at 12:59

We use RHEL at work. If you had to upgrade 7k servers every 6 or 12 months, we'd never be ahead. We are still getting Win2k3 servers to 2008.

Fedora releases are too frequent for a company with a lot of servers to stay current. For a small business, sure Fedora is probably okay to use. But then again, you would need a linux admin on site and most can't afford one to troubleshoot a lot of issues. So that's where RHEL has an advantage - paid support.

I used Debian at home. I just upgraded from 7 to 8 and it went very smooth. Ubuntu has a server too, but Ubuntu is equivalent to Fedora. Debian takes a long time to roll out new packages because they test them thoroughly. The downside is, you may not have the latest Apache or MySQL or whatever application you need that has the features you want. Sure you can download it separately, but it defeats the purpose of having a "stable and secure" OS.

  • Even [I wouldn't use Fedora for everything](http://serverfault.com/a/547456/126632). But there are a few targeted cases where a rapid update cycle may make more sense. Certain web applications, for instance. – Michael Hampton Jun 04 '15 at 04:27

Also - features/functionality may appear and then be yoinked in the next release - which is not [generally] helpful for a server, since you want reliability. OTOH, if you install, say, F11 and stick with it for 2-4 years like you would've with CentOS 5 or Ubuntu LTS, then there's no real difference. It's about comfort levels.

Usually what a system administrator wants from a server-oriented distribution is:

  1. No bleeding edge software, even on the latest release
  2. All the software you need should be available from the official repositories: in a production environment sometimes you are not allowed to use packages pulled from random untrusted websites or, even worse, locally compiled.
  3. Centralized and timely security updates from the official repos
  4. Package install scripts and policies (provided by the distribution) that ensure smooth upgrades [i.e. upgrading a configuration file contents when a daemon is upgraded to a new release]
  5. Optionally, corporate support

Fedora fails on these points, afaik

CentOS fails on 2,3,4,5

Debian fails on 5

Ubuntu fails on 1

Your choice :)

  • I'd research this list before posting something of this magnitude. A newcomer might take your opinion for fact. I don't recall Fedora or CentOS using "untrusted" repositories any more than Ubuntu. I recall my last "centralized and timely" security updates about 4 days ago from Fedora. Have you seen my package install scripts? They're _classy_! Please note when you're stating opinion or fact next time, to clear it up for the rest of us. If you really wanted to beat the list up you could've just said FreeBSD and blown them all out of the water, minus the corporate support. – bobby Jul 14 '09 at 12:56
  • IMHO CentOS only fails on 5. There is a risk associated with 3 but they are pretty timely in my experience. – Mark Jul 14 '09 at 13:18
  • If you're going to make wild claims about the different distros in your suggestions, you should really substantiate them a bit more with facts. Other than the lack of corporate support (which I'm sure you could find consultants willing to provide), I disagree with your assessment of Fedora failing the rest. – Ophidian Jul 14 '09 at 14:39
  • Whatever about 'untrusted', I found the centos repos fairly lacking the last (only) time I ran it, and had to supplement them with several 3rd party repos. I haven't found this to be the case in fedora. The only 3rd party repo I've used in fedora is rpmfusion for stuff like non-free media and graphics packages, which I can't see a huge need for on my servers. – theotherreceive Jul 14 '09 at 14:42
  • I'd vote you up just for the 1,2,3,4,5 points. But the claims about which distro fails on which count are just wrong. – Milan Babuškov Jul 14 '09 at 16:17
  • @theotherreceive The only 3rd party repo I use on CentOS is the EPEL, which is essentially Fedora Extras from back in the day and mostly repackaging of software from Fedora for RHEL. Base+EPEL covers pretty much everything I need other than more cutting edge stuff that just showed up in very recent versions of Fedora. – Ophidian Jul 14 '09 at 17:13

Wait... What? As far as I know, Wikipedia is running on Fedora. Not on RedHat – on Fedora. So there is really no problem with Fedora being used as a WebServer :)

  • I think not: [me@risby ~]$ telnet en.wikipedia.org 22 [...] SSH-2.0-OpenSSH_5.9p1 Debian-5ubuntu1.1 – MadHatter Aug 30 '13 at 14:18
  • Wikimedia Foundation used to use Fedora but [switched to Ubuntu in 2008](http://arstechnica.com/information-technology/2008/10/wikipedia-adopts-ubuntu-for-its-server-infrastructure/). – Michael Hampton Aug 30 '13 at 14:23