Re: Security: OpenWRT vs. Debian [Was:] Re: Linux router AP with reserved IPs on wlan0?
On Mon, 8 Feb 2021 09:57:13 -0500
Dan Ritter <dsr@randomstring.org> wrote:
> Celejar wrote:
> > On Mon, 8 Feb 2021 08:36:34 -0500
> > Dan Ritter <dsr@randomstring.org> wrote:
> >
> > > OpenWRT's security process doesn't look as terrible as it used
> > > to be, but it doesn't really look good right now, just trying to
> > > be better.
> >
> > Again, let's look at specific examples of vulnerabilities present in
> > both OpenWRT and Debian, and compare the projects' responses. I gave
> > you one timely example: OpenWRT's SA for the dnsmasq vulnerabilities
> > was issued about two weeks before Debian's.
> >
> > You feel that OpenWRT's security process "doesn't look good." Based on
> > what? Can you provide a vulnerability that affects their software that
> > they dropped the ball on?
>
> No, thanks. I don't need to poke at OpenWRT any further.
>
> I already have a Debian firewall that has had good security
> support from Debian since 2014; I see no reason not to continue
> using it until the hardware fails. At that point, I will buy
> another relatively small fully supported Debian box, and carry
> on. Among other benefits, it means that all the machines at home
> have the same procedures and can be used as testbeds for each
> other. E.g. the music-playing machine in the living room is now
> testing out Bullseye.
>
> I can be glad that OpenWRT has improved their security practices
> and simultaneously not be interested in using it.
I think we are really in basic agreement. The reason I use OpenWRT is
that I use a residential all-in-one WAP / switch / router, which Debian
is unsuitable for. If I ever go the separate WAP / switch / router
route, I'll probably use Debian on the router for the reasons you
give: good support, a system I'm familiar with, etc.
Celejar
Reply to: