Re: Re: Concerns about Security of packages in Debian OS and the Operating system itself.

On Wed, Jun 29, 2022 at 1:46 PM Ravi Dwivedi <ravi@ravidwivedi.in> wrote:

> Since the below mentioned analysis of Debian's security, and that too
> compared to other distros, is not very well-known outside of Debian
> project

honestly i don't believe it's even widely known *in* the debian project
[quite how damn good what they have is, compared to everything else]

> (it didn't come up in any internet searches, the web of trust
> gets mentioned but there is not much explanation on it), I suggest
> writing in somewhere in Debian wiki or blog post.

my replies on this topic keep getting filtered. annoyingly.

http://lkcl.net/reports/wot/
http://lkcl.net/reports/wot/Makefile
http://lkcl.net/reports/wot/wot.tex
http://lkcl.net/reports/wot/wot.pdf

> I am willing to write that as well if the Debian project does not have
> any problems.

patches welcomed to the above (or links to it).

yes, debian has a "perception" problem.  there are plenty of complaints
"But It's Rubbish Because It's So Long To Releases" and the complainers
basically have f***-all knowledge of precisely *why* debian's is both resilient
and stable, or quite how much work went into making that happen.

but to be honest with NixOS developers *genuinely* believing both that
their distro is "secure" as well as "The World's First Reproducible Build
Distro", given that they had absolutely no idea that debian and fedora
both started the work on reproducible builds over 8 years ago,
https://archive.fosdem.org/2014/schedule/event/reproducibledebian/
without which NixOS couldn't even begin to make its incorrect claims, and
that the NixOS developers had never even seen the wiki page nor the build
graph, https://wiki.debian.org/ReproducibleBuilds
this indicates that there's a much bigger perception problem for debian
that goes way beyond just security and the web-of-trust.

how to fix that? honestly i have no idea.  should debian developers
even care, and just get on with what they do best? (serious question!)

l.
