From: madduck at madduck.net (martin f krafft)
Subject: Re: Re: Re: a secure base system

also sprach Tobias Weisserth <tobias@...sserth.de> [2004.03.15.2352 +0100]:
> I'd choose Debian over OpenBSD on workstations anytime because of
> usability.

What I failed to mention is that Debian != Linux. I myself run
Debian NetBSD on a couple of machines. That's the NetBSD kernel with
Debian management, or "the best of both worlds".

> And the 6000+ packages in Debian speak for themselves.

14000+

> Though comparing Debian to other desktop Linux distributions is
> a totally different matter. For example, I'd prefer Fedora Core
> 1 over Debian right now because they have a decent security policy
> too and they keep improving on community aspects while offering
> top of the notch software.

Sure, but the cleanliness of the system, and the maintainability are
not even close. But we don't have to go there.

> Holding Debian's very good tools against other distributions will
> become more and more difficult because most other RPM based
> distributions have begun to ad"apt" (*g*) Debian tools: apt4rpm,
> yum, up2date and Mandrake has something else too... just to name
> a few.

Debian is not just apt. apt is great, but there is *a lot* more than
apt which makes Debian stand out.

> And the soon to be released Core 2 will feature a 2.6 kernel, KDE 3.2
> and lots of other cool stuff. There's one other interesting thing:
> Fedora Core 2 will feature SELinux by default as it seems.

Russell Coker has a Debian repository to make any Debian machine use
SELinux.

> Isn't mixing unstable and testing a Bad Thing(tm)?

Why? It may require some work here and there, but why should it be
bad?

> So I'm assuming he is talking about the public terminals in the PC
> classes where he wants to upgrade the GNU/Linux installations.
> Anybody can get into these classes and log on if he has a valid
> login. So it only takes a lost or stolen login and you have
> a potential bad guy right inside your network.

We use Debian unstable successfully in such environments. In
addition to FAI and cfengine2, we can get rid of any security
problem within minutes.

-- 
martin;              (greetings from the heart of the sun.)
  \____ echo mailto: !#^."<*>"|tr "<*> mailto:" net@...duck
 
invalid/expired pgp subkeys? use subkeys.pgp.net as keyserver!
 
"never try to explain computers to a layman.
 it's easier to explain sex to a virgin."
                                                    -- robert heinlein
 
(note, however, that virgins tend to know a lot about computers.)