
Re: Security Question



hi ya john

On Thu, 2 Jan 2003, Jamin W. Collins wrote:

> While this message screams troll, there's the possibility your question
> is legit.

yuppers.. 
 
> On Thu, Jan 02, 2003 at 03:39:22PM -0800, John Gedeon wrote:
> > I have Debian installed on my home computer (3.0 stable version) I
> > want to use it to remote login in to work, however the people in
> > charge of the remote logins (IT) at my work say that Debian has lots
> > of security holes. 
> 
> Is Debian free of potential security holes, no.  Is _any_ software free
> of security holes, extremely doubtful. 
>  
> > I was wondering what security holes Debian may have (especially in
> > comparison to Red Hat) if any. And if any of those cannot be taken
> > care of.
> 
> None that I'm aware of.
> 
> > They also claimed that Debian isn't stable in comparison to Red Hat,
> > Is Red Hat more stable? 
> 
> Not in my experience.  Additionally, I find Debian much easier to
> maintain and update.

"depends" on your definition of "stable"...
	- if you mean each time you install rh or deb you get exactly
	the same thing ... then you should install from cdrom

	- if you mean "unstable/testing" branch of debian vs released
	copies of redhat  
		- that's not the same thing .. not a legit comparison
		( regular users don't get access to redhat's testing tree )

> > I am asking for this information so that I have more backing when I
> > tell the IT people here that Debian is as good if not better than Red
> > Hat. I would prefer to use Debian.

for security statistics ... one has to normalize number of hacked
redhat machines w/ its installed base ... and similarly for debian
and then compare percentages of "[cr/h]acked boxes"...
	-
	- a relaxed "security admin policy" is usually the first culprit
	-

- see if any of these sounds like your environment
	top 20 security problems...
		http://www.sans.org/top20

	top 7 management mistakes...
		http://www.sans.org/newlook/resources/errors.htm

	top-10 attacks around the world
		http://www.dshield.org

when one says that x is better than y .... i start up with:

i start from, all linux distro is usually exactly the same..
	( different versions ... older vs latest/greatest issue...
	( latest being better since its fixed known bugs
	( latest being worse, as it might have new bugs
	- same kernel
	- same bash
	- same apache
	- same exim/sendmail
	- same glibc
	- same 10,000 packages

what makes each linux distro different
	- the gui for the user to install the selected/desired apps
	- the way if any for updating the installed system w/ patches

<flame suit on>
commercial entities need to generate revenue !!!
	- you do that by getting $300/incident tech support phone calls
	- things that used to work... break in the next release ...
	  no reason for that except ... :-)
<keeping the flame suit on>

c ya
alvin


