
Re: Quality of security assurance with Debian vs. RedHat vs. SuSE



On Tue, Jun 11, 2002 at 05:53:35PM +0200, Eduard Bloch wrote:
> Hello people,
> 
> I am looking for a good comparison of the security of Debian and Redhat or
> SuSE systems, especially about the number of found local exploits or DOS
> attacks. I assume that Debian Stable should be less invulnerable since
> the software is more tested, but I would need some argumentation help to
> convince people impressed by Redhat or SuSE.
> 
	I cannot offer a comparison but I can offer some raw data
regarding Debian's work at security. As some other people said previously,
the security issues between distributions are usually the same (since they
provide the same software, even if different versions); however, if you
want to compare quality assurance you might want to check how security is
supported in Debian vs. other distros:

1.- How fast are security issues fixed? See
http://www.debian.org/News/weekly/2001/34/ for raw data regarding the time
it took (last year) to fix any given vulnerability reported at bugtraq.

2.- How is the distribution providing security? See
http://www.debian.org/doc/manuals/securing-debian-howto/index.en.html

	Fact #1: Debian (woody) provides Bastille; neither RedHat nor SUSE
	(Mandrake I think does) provides it (or supports it).

	Fact #2: Debian provides more security tools than other distros.

	Fact #3: Debian's standard installation is more secure (this usually
	goes against usability); other distros tend to either install
	a lot of services by default or do not properly configure them
	(remember the Ramen or Lion worms). It's not as strict as OpenBSD
	(no daemons are active by default) but it's a good compromise
	IMHO.

3.- How is security documented? I don't know of other distros providing
documentation regarding security like Debian does (there are, however,
third-party documents available at Linuxdoc, and the "Securing and
Optimizing Linux: RedHat Edition" is a great document).


	Well, I (hopefully) have made some strong points you could use in
your argumentation; however, see the answer to question 1 of the FAQ in the
"Securing Debian Manual":
http://www.debian.org/doc/manuals/securing-debian-howto/ch11.en.html#s11.1
That's usually the strongest point.

	Javi

