[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: How secure is an installation with with no non-free packages?

Jose Luis Rivas:
> So no, there's no other contrib/non-free packages there.

I didn't want to imply, that there are preinstalled.

> The reason why you can't install Debian directly from a WiFi with some
> manufacturers is precisely that we do not ship non-free nor contrib
> software by default in our Debian installation different to what does
> other distributions like Ubuntu (no offense meant).

And this is fine and I don't want to go into that political vs
convenience discussion either.

So we have the (intel/amd)-microcode and the firmware-linux-nonfree
package which should be installed to improve security? Are there any
other packages of this type?

What would you do if there was an exploit in the wild, which uses an
vulnerability in (intel/amd)? Let's say any website could prepare some
html code which would trigger a remote code execution. One that can only
be fixed by having the (intel/amd)-microcode package installed.

Is this a possible scenario?

What would you (Debian) do in this case?

(I am not suggesting anything here, I am just interested in those
questions.)
Reply to: