[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: Security Question

hi ya john

On Thu, 2 Jan 2003, Jamin W. Collins wrote:

> While this message screams troll, there's the possiblity your question
> is legit.

> On Thu, Jan 02, 2003 at 03:39:22PM -0800, John Gedeon wrote:
> > > I have Debian installed on my home computer (3.0 stable version) I
> > want to use it to remote login in to work, however the people in
> > charge of the remote logins (IT) at my work say that Debian has lots
> > of security holes. 
> Is Debian free of potential sercurity holes, no.  Is _any_ software free
> of security holes, extremely doubtful. 
> > I was wondering what security holes Debian may have (especially in
> > comparison to Red Hat) if any. And if any of those cannot be taken
> > care of.
> None that I'm aware of.
> > They also claimed that Debian isn't stable in comparison to Red Hat,
> > Is Red Hat more stable? 
> Not in my experience.  Additionally, I find Debian much easier to
> maintain and update.

"depends" on your defition of "stable"...
	- if you mean each time yu install rh or deb you get exactly
	the same thing ... than you should install from cdrom

	- if you mean "unstable/testing" branch of debian vs released
	copies of redhat  
		- that's not the same thing .. not a legit comparason
		( regular users dont get access to redhat's testing tree )

> > I am asking for this information so that I have more backing when I
> > tell the IT people here that Debian as good if not better than Red
> > Hat. I would prefer to use Debian.

for security statistics ... one has to normalize number of hacked
redhat machines w/ its installed base ... and similarly for debian
and than compare percentages of "[cr/h]acked boxes"...
	- a relaxed "security admin policy" is usually the first culprit

- see if any of these sounds like your environment
	top 20 security problems...

	top 7 management mistakes...

	top-10 attacks around the world

when one says that x is better than y .... i start up with:

i start from, all linux distro is ausually exactly the same..
	( different versions ... older vs latest/greates issue...
	( latest being better since its fixed knowns buggs
	( latest besing worst, as it might have new bugs
	- same kernel
	- same bash
	- same apache
	- same exim/sendmail
	- same glibc
	- same 10,000 packages

what makes each linux distro different
	- the gui for the user to install the selected/desired apps
	- the way if any for updating the installed system w/ patches

<flame suit on>
commercial entities need to generate revenue !!!
	- you do that by getting $300/incident tech support phone calls
	- things that used to work... breaks in the next release ...
	  no reason for that except ... :-)
<keeping the flame suit on>

c ya

Reply to: