Message-ID: <1f6e7c030fba1c86f5cc74e61ef22b64@memeware.net>
Date:   Tue, 08 Jan 2019 01:22:19 +0000
From:   vsnsdualce@...eware.net
To:     Ivan Ivanov <qmastery16@...il.com>
Cc:     gary@...remeground.com, alessandro.baggi@...il.com,
        joe@...trading.com, deloptes@...il.com, dpchrist@...gerdanske.com,
        mfidelman@...tinghouse.net, raju.mailinglists@...il.com,
        debian-user@...ts.debian.org, debian-devel@...ts.debian.org,
        linux-kernel@...r.kernel.org, gentoo-user@...ts.gentoo.org,
        misc@...nbsd.org, freebsd-chat@...ebsd.org
Subject: Re: Why choose Debian on server

Indeed.
Anything _with_ systemd is insecure.
Any linux distro _without_ the GRSecurity patch is insecure.

There is nothing secure about Debian.

Linux kernel is swiss cheese without the GRSecurity/PaX etc patch.
(BTW: GRSecurity is currently (Blatantly) violating the licensing terms 
of the kernel by adding additional restrictive terms so as to prevent 
redistribution -- which has succeeded*)

*In fact the pro-CoC part of the kernel team itself seems to have been 
inspired by GRSecurity in some manners here, adding their own additional 
writing in order to pressure, libel, and threaten civil torts against 
those who don't obey their speech codes. Threatening the various other 
copyright holders themselves.

(There is a remedy: Rescind)

Those are the facts.

On 2019-01-03 09:00, Ivan Ivanov wrote:
>> Debian is very secure
> 
> But it uses systemD as its init system, which has really bad
> security: over 1 million lines of poorly written code, and the authors are
> deliberately ignoring the security issues - to the point where systemD
> has been awarded a Pwnie anti-award because of arrogant devs refusing
> to fix a critical vulnerability. If you need true security, choose
> Devuan: it has all the benefits of Debian + a much simpler init system
> with an order of magnitude better security, thanks to the "Keep It Simple,
> Stupid" principle.
> 
>> Because Debian doesn't come from a company,
>> it can't go out of business or be taken over.
> 
> As a technical project, Debian can ruin itself by choosing
> political decisions over technical ones, like it recently did by removing the
> Weboob package after the harassment of some SSJiWs from Debian's
> anti-harassment team. Luckily Devuan is not affected by this madness.
> 
> Thu, 3 Jan 2019 at 07:40, Gary Dale <garyndp@...il.com>:
> 
>> 
>> On 2019-01-02 5:51 a.m., Alessandro Baggi wrote:
>> > Hi list,
>> > I'm new to this list and I'm choosing the right distribution for
>> > server needs. I hope I'm not OT and I don't want to start a flame. I'm
>> > evaluating the possibility of switching to Debian, so I hope you will
>> > share your experiences on this topic.
>> >
>> > At the moment I'm using CentOS 7 on servers and workstations, but very
>> > old software, adding third-party repos to get some software, using
>> > unmaintained software where patches are released by the distro dev team,
>> > big changes between one release and the next, a big-corporation-piloted
>> > distro, waiting for RH to release security patches and then have them
>> > recompiled on CentOS, problems on new hardware, and being unable to
>> > install new software from source due to old libs have made me bored and
>> > frustrated in the last year. I like flexibility, and I noticed that
>> > CentOS chains my knowledge.
>> >
>> > Today it seems that the RH family is the standard and RH is better
>> > supported by software vendors. Considering 10 years of support, SELinux
>> > working out of the box, stability, enterprise class and a free distro,
>> > users choose CentOS with the perception that things work better because
>> > everything is "followed" by a corporation. With this assumption users
>> > feel more secure and unfailing.
>> >
>> > This is not necessarily true. I think it is the sysadmin that makes
>> > things safer, more secure and unfailing. Sure, a stable and reliable OS
>> > plays its part, but when Big Blue takes part in this game I'm not so sure
>> > about CentOS's future. What if someone chooses to drop the CentOS
>> > project? Maybe this is premature, but from this comes: "Why not choose a
>> > stable and community-piloted distro where user needs are the first
>> > purpose?"
>> >
>> > I used Debian in the past on several servers for a big company without
>> > any problems, but I have now been using CentOS on servers and
>> > workstations for several years, and today I have lost my Debian
>> > knowledge about stability in server usage.
>> >
>> > Why did you choose Debian on servers? Where, for you, is it better than
>> > CentOS and other server distros?
>> >
>> > Thanks in advance.
>> > Alessandro.
>> >
>> Because Debian doesn't come from a company, it can't go out of business
>> or be taken over. And because Debian has lots of spinoffs, including
>> distros that are in the commercial server market (e.g. Ubuntu), you can
>> bet that everything runs on it and it runs on everything.
>> 
>> Debian is also very stable and very secure. While Red Hat may have a
>> segment of the corporate market, I'll bet that there are more Debian
>> servers than Red Hat. If you think Red Hat has the market cornered, you
>> aren't looking at the full market.
>> 
>> Then there are things like the Raspberry Pi, which are used in a lot of
>> specialized server-type tasks, that mainly use Debian. They can do a lot
>> of things that are useful in a corporate environment that you wouldn't
>> want to put on a real server.
>> 
>> I also use Debian on my desktop (I have for decades) so there is a good
>> knowledge crossover. I don't need to learn and use two different kinds
>> of systems.
>> 
>> 
