But if a user chooses to load a zenwalk-6.4 repository on a new installation of Zenwalk 7 (why would he/she want to do that?), how will that affect the system, given that the default applications installed will be newer than the those in the zenwalk-6.4 repository?
Zenwalk does not have an automatic updates notification tool installed. The way you get updates is to load a repository, and check the Modified option under Filters. Having a dedicated and automatic update notifier, I think, is a preferable solution to update notification than a method that requires starting the (graphical) package manager before you can see updates.
There is actually an update notification tool – ZUT, Zenwalk Update Tool – in the repository. When installed, it requires manual intervention before it can check for updates. Last time I reviewed Zenwalk (see Zenwalk 6.2 review), ZUT did not work when I installed it, so this is an improvement.
Like most graphical package managers, xnetpkg will pop-up the type of dialog box shown below when you attempt to install an application. What I have not observed on other graphical package managers (I have used) is the Include deps option. It looks like a good idea, but given this option, how do you know whether to install or exclude the listed dependencies? I doubt that most users will know what to do. While attempting to install VLC, for example, I clicked on Install packages instead of Include deps.
After installation, I could not start VLC from the menu. Attempting to launch it from a shell terminal revealed why it could not start. I reinstalled it, but this time by clicking on Include deps. Had no problem starting VLC afterwards.
Graphical Administrative Tools: The graphical applications for managing an installation of Zenwalk 7 are accessible from Menu > Settings and Menu > System. Within the Settings menu category is a Control Panel entry, which contains some of the applications under Settings. Also, under the System menu category, is a Control Panel entry, which contains most of the applications under System.
There appears to be no uniformity in the structure and organization of the graphical applications in Settings Manager and Control Panel. In the Settings Manager, for example, some of the applications will open in a separate window, while others will open in place – with a single click. In the Control Panel, the applications will open with a double click – in a separate window. Also, it would appear that the tools under Settings Manager are for performing non-root-level administrative tasks, and those under Control Panel will be for those tasks requiring authentication as root. But many of the applications under Control Panel do not require authentication.
I think it would be better if all user-level tools be in the Settings Manager, while the Control Panel contains just the root-level tools, with authentication required to use them. That is how Mandriva has its graphical administrative tools organized. That also is how they will be organized in PC-BSD 9 (yet to be released).
The Control Panel
Security: Of all the desktop distributions that have been reviewed and listed on this website, Zenwalk 7 has the weakest out-of-the-box security profile. For starters, there are three open ports – 22 (ssh), 37 (time), and 113 (auth). This would be ok, if they are protected, but the firewall is not enabled. (The graphical firewall client installed – Firestarter, is not configured.)
Regarding the OpenSSH server, I could connect to it from other hosts in my internet. That means it is also wide open to connections from the Internet. If you know how often and how aggressively the ssh service is probed, you will understand why leaving it wide open is a recipe for disaster. PC-BSD presents a good example for how a service, like OpenSSH server, should be protected – if it is enabled (out-of-the-box). For one, PC-BSD protects it with a firewall. Then it calls on the services of DenyHosts, a program designed solely to protect an OpenSSH server from brute-force attacks, as another layer of defense.
I think all distributions, if they enable the ssh service by default, should follow PC-BSD’s lead on this. Regarding the two inetd services – time and auth, I cannot think of any good reason they are enabled – on a system with a weak network security posture. Until somebody tells me why these two services are running, my advice to you, if you are running Zenwalk 7, is to disable them.
An interesting observation about services on Zenwalk 7 is that though ssh, a service most people will not use and which those that use it only do so occasionally, is running out of the box. However, cups, the printing service that most people will use, and use often, is not enabled. So do not connect a printer to a fresh installation of Zenwalk 7 and expect it to be configured automatically, like the best distributions do; you will first have to enable cups by running service start cups from a shell terminal. Then when you connect a printer, it will be configured automagically.