Ubuntu has too many problems for me to want to run it in a enterprise environment. However, it has occurred to me that there aren’t a lot of distros that are like the Ubuntu LTS.
Basic requirements for a LTS:
- at least 2 years of support
- semi recent versions of applications like Chrome and Firefox (might consider flatpak)
- a stable experience that isn’t buggy
- fast security updates
Distros considered:
- Debian (stable)
- Rocky Linux
- openSUSE
- Cent OS stream
- Fedora
As far as I can tell none of the options listed are quite suitable. They are either to unstable or way to out of date. I like Rocky Linux but it doesn’t seem to be desktop focused as far as I can tell. I would use Debian but Debian doesn’t have the greatest security defaults. (No selinux profiles out of the box)
For a desktop I’d use Debian + Gnome (you won’t get cutting edge on stable but it is not that important) and flatpack for most of the apps. Sincerely I don’t see why selinux is so important on a workstation.
I find it interesting that people think things like selinux aren’t important, but at the same time appreciate(?) the isolation in flatpak or wayland.
Tbo, that’s a little bit to little research you provided considering you want to use it for work.
E.g. why do you need more than 2 years of support for a workstation?
Stating that debian isn’t secure enough really confuses me as it is one of the most solid distros out there.
E.g. why do you need more than 2 years of support for a workstation?
Enterprise isn’t rolling out the new release on release day.
Enterprise is waiting until the “.1” release so that the most glaring bugs can be identified and resolved. And enterprise is doing gradual rollouts after that, with validation, training, hardware refreshes, etc.
For a release with only two years of security updates, it would not be surprising for a given enterprise to only have the chance to take advantage of, at most, one year of them.
A two-year LTS release cadence with a five-year tail of support and security updates is much more practical. That leaves enough overlap in support for enterprises to maintain their own two-year refresh cadence without having to go through periods without security updates and support.
Stating that debian isn’t secure enough really confuses me as it is one of the most solid distros out there.
Where is the toggle to enable NIST-certified FIPS compliance in Debian? On Ubuntu you just enable it using the
proclient and reboot.Agree, also confused because Debian seemed to get security updates rather frequently when I’ve used it.
That’s like their whole thing, stable and security updates. I would be curious if there are examples of exploits that weren’t patched quickly on Debian stable.
Debian makes it a little tricky to meet security standards. It isn’t insecure from lack of updates but it doesn’t ship with selinux out of the box.
Not “out-of-the-box” but adding selinux to Debian is pretty simple.
As I see on debian and derivatives apparmor is the way, but not sure if that’s preinstalled.
Enterprise environment in what sense, desktop or server deployment?
I ask because I wouldn’t want a “semi recent … Chrome or Firefox” installed on a production server
I wouldn’t want any GUI installed on a production server.
What issues does Ubuntu LTS have that you need to overcome?
What use case ? - desktops for office work, music production, a student lab?
FWIW. Kubuntu is my favorite, generally used for research and reading, light web mail.
This is more of a general discussion post as I’ve scene many reviews complain about Ubuntu
In contrast to those “many reviews”, this reviewer says that Ubuntu is fine and always has been.
Seriously, Ubuntu hate is mostly just Snap hate. The Snap problem is overstated and easily worked around if necessary. Ubuntu remains a very solid choice on desktop.
Rocky linux is definitely for desktop too. It was designed as a successor of Centos, which was widely used in medium and big companies. We currently use Rocky 8 where I work. It works fine.
Honestly, we (a large Fortune 500 company hosting sites serving between 250m and 500m unique monthly visitors) have standardized on Ubuntu LTS and Rocky Linux. Both have been rock solid. Kubernetes and other things that need regular updates and patches (aka things that directly power forward facing apis/sites) tend to be Ubuntu and the rest Rocky. We do NOT however run any ui’s or browsers or the like on them. I highly recommend against doing so on any server.
If you mean desktop, we tend to not use Linux for desktop apps, instead going with MacOS and Windows with group policies and forced updates. Definitely prefer the stability of MacOS over Windows, but both have their place in the enterprise. When I was running a Linux desktop there, it was Fedora Silverblue. Snaps are not my friend.
Hey just to ptich in my two cents. Our shop is running a very similar setup (Enterprise FinTech, MAU is around 100-200m across all sites), with Ubuntu and Rocky on k8s with all workstations running MacOS and Windows since compliance policies are easy to apply to both. I can vouch for Ubuntu LTS given other options. Doesn’t require a support contract, really solid security patch cycles and everything runs without issues.
Also unsure of using Linux as a workstation solution since at the time of setup, all the viable distos required you to either manually roll a compliance solution, or use their specific sometimes built-in solutions (see RHEL). That may have changed in the passed few years though.
Mint is built on Ubuntu LTS but removes some of the problematic bits, it has a recent Firefox and Chrome is of course available, Fletpak support is also integrated.
I’ve run Alma and RHEL as a desktop and it was fine, my main use case was “like Fedora but stable” (more than a year of support). However the repositories are very limited, even with EPEL and third parties, so it eventually irked me enough to switch away. Also no btrfs support without replacing the kernel and adding support from third party places.
This is the response I was expecting
is there gnome mint?
Not officially, you can install it separately but you’ll probably have to tie up some loose ends (haven’t tried)
You can look into Fedora if you want a good gnome experience or Debian if you prefer. The latter will have an old gnome version.
Not as a spin but both vanilla and Ubuntu versions of Gnome are available in the repositories.
Debian or Alma
I’ve found a nice home with Mint Debian edition. It has the right balance between stable and current that I prefer.
If I didn’t use Ubuntu LTS, I’d be using Debian.
What problems do you have on Ubuntu? What software is too out of date? Why do you need LTS for a workstation?
They are either to unstable or way to out of date.
Just use flatpak/appimage/distrobox/nix. Half of my packages are Debian stable (MX), the other half are nix unstable.
Debian doesn’t have the greatest security defaults. (No selinux profiles out of the box)
It does have apparmor though. If you need selinux specifically, then that’s going to limit your choices to like RH and Suse distros.
Kubuntu and other Ubuntu derivatives are okay. they still use apt/flatpak on their software center
Not the official ones
as long you stayed away from Ubuntu GNOME made by canonical and stick to other Ubuntu derivatives like Kubuntu,Xubuntu etc. they are good and stable distros without forced snap (I know Thunderbird,Chromium and Firefox got snapped because of the backend side. So, this is not their fault and you can switch to other ppas to mitigate this) and their software center app like discover still prioritise apt and flatpak.
Linux Mint Debian Edition
Tails. It may not be designed for LTS, but it appears to be stable and secure.
