Full Disclosure mailing list archives

Re: Re: Re: a secure base system


From: martin f krafft <madduck () madduck net>
Date: Tue, 16 Mar 2004 06:57:39 +0100

also sprach Tobias Weisserth <tobias () weisserth de> [2004.03.15.2352 +0100]:
I'd chose Debian over OpenBSD on workstations anytime because of
usability.

What I failed to mention is that Debian != Linux. I myself run
Debian NetBSD on a couple of machines. That's the NetBSD kernel with
Debian management, or "the best of both worlds".

And the 6000+ packages in Debian speak for themselves.

14000+

Though comparing Debian to other desktop Linux distributions is
a totally different matter. For example, I'd prefer Fedora Core
1 over Debian right now because they have a decent security policy
too and they keep improving on community aspects while offering
top of the notch software.

Sure, but the cleanliness of the system, and the maintainability are
not even close. But we don't have to go there.

Holding Debian's very good tools against other distributions will
become more and more difficult because most other RPM based
distributions have begun to ad"apt" (*g*) Debian tools: apt4rpm,
yum, up2date and Mandrake has something else too... just to name
a few.

Debian is not just apt. apt is great, but there is *a lot* more than
apt which makes Debian stand out.

And the soon to be released Core 2 will feature a 2.6 kernel, KDE 3.2
and lots of other cool stuff. There's one other interesting thing:
Fedora Core 2 will feature SELinux by default as it seems.

Russell Coker has a Debian repository to make any Debian machine use
SELinux.

Isn't mixing unstable and testing a Bad Thing(tm)?

Why? It may require some work here and there, but why should it be
bad?

So I'm assuming he is talking about the public terminals in the PC
classes where he wants to upgrade the GNU/Linux installations.
Anybody can get into these classes and log on if he has a valid
login. So it only takes a lost or stolen login and you have
a potential bad guy right inside your network.

We use Debian unstable successfully in such environments. In
addition to FAI and cfengine2, we can get rid of any security
problem within minutes.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:"; net@madduck
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"never try to explain computers to a layman.
 it's easier to explain sex to a virgin."
                                                    -- robert heinlein
 
(note, however, that virgins tend to know a lot about computers.)

Attachment: signature.asc
Description: Digital signature


Current thread: