Quoth Depo Catcher: > During install there is an option to install to encrypted disk which is > pretty sweet sounding. > How does that work, I'm assuming everything but /boot is encrypted? Does > it use GELI or something else? I'll go down that road soon, too. I'm still on unencrypted fs' but am going to change that the next couple of weeks. Thins you might want to google for: LVM (logical volume manager) cryptfs LUKS and stuff like that. I hear it's quite easy, once you've read some HOWTOs. > What is the default encryption used and is there any way to change it? > Does Linux support crypto cards that work with this? Yes Linux supports some crypto cards. As you're coming from FreeBSD you should want to compile your own kernel anyways. Look into Crypthographic API --> Hardware crypto devices. There might be some other cards supported, too, search the Net for your favorite. > I take it apt-get is the way to maintain packages on Debian? Yes. > Say I want > to apply all the security patches [or to get all updates] for my version, > is there an easy way to do that? Debian stable is already very secure, the maintainers do a good job in keeping stuff clean and stable. But you can always download the deb-src package (be sure to include the src-repos for that, too) and compile that stuff yourself, possibly applying patches along the way > If a person wanted, could they recompile all packages from source (and > use optimized complier options) instead of installing from binaries? Well, there's always LFS... but if you really want to compile core packages you should look into other distros like Gentoo or Arch Linux. deb-src can help you here, but other two are closer to the FreeBSD-spirit anyways (ports-like package management) and offer source-code based solutions. In Gentoo you compile everything, in Arch Linux you may compile everything and will be forced to compile some stuff anyways. Aleks
Attachment:
signature.asc
Description: Digital signature