Groups | Search | Server Info | Keyboard shortcuts | Login | Register [http] [https] [nntp] [nntps]
Groups > linux.debian.security > #6158
| Path | csiph.com!news.mixmin.net!aioe.org!bofh.it!news.nic.it!robomod |
|---|---|
| From | lkcl <luke.leighton@gmail.com> |
| Newsgroups | linux.debian.devel, linux.debian.project, linux.debian.security |
| Subject | Re: Re: Concerns about Security of packages in Debain OS and the Operating system itself. |
| Date | Wed, 29 Jun 2022 16:20:01 +0200 |
| Message-ID | <EDGHT-81sZ-5@gated-at.bofh.it> (permalink) |
| References | <EDFC9-80Ot-3@gated-at.bofh.it> |
| X-Original-To | Ravi Dwivedi <ravi@ravidwivedi.in> |
| X-Mailbox-Line | From debian-devel-request@lists.debian.org Wed Jun 29 14:18:09 2022 |
| Old-Return-Path | <luke.leighton@gmail.com> |
| X-Amavis-Spam-Status | No, score=-6.189 tagged_above=-10000 required=5.3 tests=[BAYES_00=-2, DKIM_SIGNED=0.1, DKIM_VALID=-0.1, DKIM_VALID_AU=-0.1, DKIM_VALID_EF=-0.1, FREEMAIL_FROM=0.001, LDO_WHITELIST=-5, MURPHY_DRUGS_REL8=0.02, RCVD_IN_DNSWL_NONE=-0.0001, RERE=1, T_SCC_BODY_TEXT_LINE=-0.01] autolearn=unavailable autolearn_force=no |
| X-Policyd-Weight | NOT_IN_SBL_XBL_SPAMHAUS=-1.5 CL_IP_EQ_HELO_IP=-2 (check from: .gmail. - helo: .mail-vk1-xa2c.google. - helo-domain: .google.) FROM/MX_MATCHES_HELO(DOMAIN)=-2; rate: -5.5 |
| X-Policyd-Weight | using cached result; rate: -5.5 |
| X-Gm-Message-State | AJIora9ndOwplWycBY/0GXUbppIQPP7tQx6clRKlW8lbrZUinGs7PmHt qAfBNC440B572nvILe+IGedIlBAoGpytW7alD/M= |
| X-Google-SMTP-Source | AGRyM1ti5+jxmanZM1whwGIcChRlOwGMTRbmEruEqwBQREMOvbrPtqHNcHrGps2PpA1HgBDQjtEpkBu8RFUC1CjxYMk= |
| X-Received | by 2002:a05:6122:506:b0:36c:3d23:38e7 with SMTP id x6-20020a056122050600b0036c3d2338e7mr4935205vko.26.1656511252920; Wed, 29 Jun 2022 07:00:52 -0700 (PDT) |
| MIME-Version | 1.0 |
| Content-Type | text/plain; charset="UTF-8" |
| X-Mailing-List | <debian-devel@lists.debian.org> archive/latest/352649 |
| List-ID | <debian-devel.lists.debian.org> |
| List-URL | <https://lists.debian.org/debian-devel/> |
| List-Archive | https://lists.debian.org/msgid-search/CAPweEDxVZWJEwma8jOzpAE5ja3Y+Cks0HoAtac+b7y7NAPJinw@mail.gmail.com |
| Approved | robomod@news.nic.it |
| Lines | 45 |
| Organization | linux.* mail to news gateway |
| Sender | robomod@news.nic.it |
| X-Original-Cc | debian-devel@lists.debian.org, Satvik Sinha <sinhasatvik214@gmail.com>, debian-project@lists.debian.org, debian-security@lists.debian.org |
| X-Original-Date | Wed, 29 Jun 2022 15:00:38 +0100 |
| X-Original-Message-ID | <CAPweEDxVZWJEwma8jOzpAE5ja3Y+Cks0HoAtac+b7y7NAPJinw@mail.gmail.com> |
| X-Original-References | <362b56e5-ae52-de8d-d8c5-8ee57a420236@ravidwivedi.in> |
| Xref | csiph.com linux.debian.devel:104874 linux.debian.project:12865 linux.debian.security:6158 |
Cross-posted to 3 groups.
Show key headers only | View raw
On Wed, Jun 29, 2022 at 1:46 PM Ravi Dwivedi <ravi@ravidwivedi.in> wrote: > Since the below mentioned analysis of Debian's security, and that too > compared to other distros, is not very well-known outside of Debian > project honestly i don't believe it's even widely known *in* the debian project [quite how damn good what they have is, compared to everything else] > (it didn't come up in any internet searches, the web of trust > gets mentioned but there is not much explanation on it), I suggest > writing in somewhere in Debian wiki or blog post. my replies on this topic keep getting filtered. annoyingly. http://lkcl.net/reports/wot/ http://lkcl.net/reports/wot/Makefile http://lkcl.net/reports/wot/wot.tex http://lkcl.net/reports/wot/wot.pdf > I am willing to write that as well if the Debian project does not have > any problems. patches welcomed to the above (or links to it). yes, debian has a "perception" problem. there are plenty of complaints "But It's Rubbish Because It's So Long To Releases" and the complainers basically have f***-all knowledge of precisely *why* debian's is both resilient and stable, or quite how much work went into making that happen. but to be honest with NixOS developers *genuinely* believing both that their distro is "secure" as well as "The World's First Reproducible Build Distro", given that they had absolutely no idea that debian and fedora both started the work on reproducible builds over 8 years ago, https://archive.fosdem.org/2014/schedule/event/reproducibledebian/ without which NixOS couldn't even begin to make its incorrect claims, and that the NixOS developers had never even seen the wiki page nor the build graph, https://wiki.debian.org/ReproducibleBuilds this indicates that there's a much bigger perception problem for debian that goes way beyond just security and the web-of-trust. how to fix that? honestly i have no idea. should debian developers even care, and just get on with what they do best? (serious question!) l.
Back to linux.debian.security | Previous | Next — Previous in thread | Find similar
Re:Re: Concerns about Security of packages in Debain OS and the Operating system itself. Ravi Dwivedi <ravi@ravidwivedi.in> - 2022-06-29 15:10 +0200 Re: Re: Concerns about Security of packages in Debain OS and the Operating system itself. lkcl <luke.leighton@gmail.com> - 2022-06-29 16:20 +0200
csiph-web