Re: 10 top myths of debian

[Yaro Kasear <yaro@marupa.net>]

On 03/01/2013 05:19 PM, Lisi Reisz wrote:
> On Friday 01 March 2013 22:33:37 Dick Thomas wrote:
> >   Debian is always out of date and even the "stable" is unsecure as
> > its backported fixes rather than updates
> Sorry to answer piecemeal.  Debian stable starts to go out of date as soon as
> it is released, or even before, while it was still testing, but in freeze.
> It has security updates throughout its life and for the first year of being
> Old Stable.  It is very secure.  Nothing, and no distro, is totally secure,
> but Debian Stable is as close as you are likely to get.
>
> Many people therefore use Stable only for servers.  Testing is more up to
> date, and is as stable as many released versions of other distros.  It does
> not, however, get up to date security updates.
>
> Many people in fact run Unstable on their desktops and just upgrade with
> caution.  I understand that it does get security upgrades, but although I
> have installed it to look at it, I have never had the nerve to install it on
> my workhorse machine.
>
> Lisi
I don't know if Debian's the most SECURE distribution. It doesn't really 
have a "hardened profile" or anything like what Gentoo offers. (Gentoo 
isn't a prime example of a secure Linux system, I more point to the 
concept of having a "hardened" base available, whihc Debian doesn't 
really offer.) Debian's known for being incredibly STABLE and high 
quality, and embraces FOSS standards pretty well.

But unless Debian is bundling an alternate base system built around 
stuff like Tomoyo, GrSecurity, PaX, or SELinux and starts loading up 
their packages with hardened patchsets I wouldn't boast about it being a 
"security-focused" distro.

The backports are an excellent thing. And the Debian security team does 
an excellent job. Lets just be realistic and a little more honest and 
say Debian is "one of the most secure" but I can't call it "THE most 
secure" unless the system can go hardened readily.

Cheers.