
Re: rkhunter on Etch



On 2008-08-28 10:00, Tim Edwards wrote:
> The way Debian does it this is the same as virtually every other major
> Linux distro - Suse/OpenSuse, Redhat, Fedora, Mandriva, Ubuntu etc. That
> is they release a new distro version every X months, in Debian-speak
> these are called 'stable' releases, and then provide *backported*
> security and bug fix updates for however long that version is in
> support. These fixes are backported into the version of each package
> that was released with the distro to ensure stability - as no new
> features are being added the behaviour of the packaged software
> shouldn't change. But you still get the benefit of security and bug
> fixes so you get both a stable system (as in the behaviour of the
> software on it is consistent) and a secure one (up-to-date on all
> security patches).

That's new to me. Where did you get this information? IIRC it's a unique
feature of Debian (and/or Debian-based systems) to get security fixes
backported. As an example, see SUSE's security announcements, where
first Firefox is updated to version 2.0.0.13 [1] and later to 2.0.0.13
[2], i.e. the fixes are *not* backported to 2.0.0.13.

Debian is famous for its stability, especially for servers, so it
shouldn't be questioned as such. People who prefer more regular updates
have either the option to use the unofficial and not so stable and
reliable 'testing' and 'unstable' branches or to switch to other
distros. This is the freedom of the software Debian provides.

Please don't forget that security is a _concept_ not just _one_
particular piece of software installed on your system[*]. I believe that
you will get a really secure system, if you configure and maintain your
'stable' Debian responsibly. A slightly outdated version of rkhunter is
of minor importance here. A careful study of 'harden-doc' (install it
with aptitude) will probably lead to a more secure system than solely
relying on one piece of software.

Just MHO, take care, IANAL nor a security expert,

Johannes

[1] http://www.novell.com/linux/security/advisories/2008_19_firefox.html
[2] http://www.novell.com/linux/security/advisories/2008_34_firefox.html

[*] For obvious reasons, more or less all *vendors* of security 'suites'
that fix some of the shortcomings of the OS with the largest market
capitalisation (in $$$$) will claim the opposite. If it was that simple,
however, there would be much less talk about security problems of that
certain OS than we hear in the media and elsewhere. (But I am drifting
OT...)

