Debian Struggling With Security
Masq666 wrote to mention a ZDNet article discussing difficulties Debian is having with security updates. From the article: "...Lack of manpower also appears to be adding to Debian's security woes. Michael Stone, another member of Debian's security team, expressed his frustration to the organisation's security e-mail mailing list in mid-June, saying there was no effective tracking of security problems."
Re:I ditched debian over the weekend (Score:2, Interesting)
Too many packages? (Score:5, Interesting)
I can certainly see why security management becomes a problem here. Maybe the Debian project should cut down on these and see just how many packages are really needed.
Bits of News (Score:2, Interesting)
Re:Now If This Was Microsoft... (Score:1, Interesting)
Seriously, I think it's the result of being the outcast for most of one's childhood. By believing that the outsiders Linux/Apple are the best, they elevate themselves by proxy.
Re:Pick any two (Score:5, Interesting)
The problem is not that you can't mix those three in Debian's particular setting, it's that the Debian team seems to severely lack redundancy. Read: one person has obligations somewhere else and the whole stable security updates process hangs!
I really hope that Debian is going to do something about it fast, and in a definitive way. I don't want to run something other than Debian, really. But this is really embarrassing, especially if you have production servers running sarge. And this situation ain't new, Slashdot was very slow to catch it but I read about it last week. Things haven't moved a lot since (well, 1 security update was released, but some major exploits have been found in, IIRC, at least two other packages, and nothing coming yet... Other distros had everything fixed by the end of last month).
I think Debian should clarify the issue, and call for help if it's necessary. And maybe simplify the whole Debian democratic process if, as it seems from the outside, every decision has to go through days and days of pointless discussion.
Re:Pick any two (Score:2, Interesting)
Slackware is convenient (I know that many will say otherwise, but if you have Unix experience, it's the best solution, really easy to manage).
It's cheap, it doesn't contain any proprietary software.
Also, Debian can be as safe as Slackware, the problem with this kind of distro (Debian) is that the people using it pretend that someone else takes care of their security. A sysadmin doesn't need some stupid organization to submit patches to him automatically or anything like that. He just has to download and compile all of the critical services of his system, and update them when necessary. Anyone that says otherwise is an amateur, not a sysadmin, and if he's an amateur, he shouldn't be running any system bigger than he can manage, and he shouldn't run any critical services, and for the kind of things that an amateur should host the kind of security provided by almost any Unix system is more than enough. The problem with all this shit is that there are lots of amateurs out there calling themselves sysadmins.
Re:Let it go Louie (Score:2, Interesting)
Re:Debian alternatives? (Score:2, Interesting)
I notice no one responded to your question *yet* so I'll give me
Nothing *compares*, but you have to compare apples with apples.
And since Debian is, well, only Debian, I can only add that Synaptic (graphical front end) for apt-get is a lot easier to use when you want to install or change a lot of programs.
I also notice quite a few of the *other* distros are implementing apt-get/synaptic with their releases, in addition to whatever else they would normally have as default (i.e. urpmi, Kpackage, etc). :)
Re:Debian (and its decline) (Score:1, Interesting)
Debian is not in a decline; they just need to slow the package release cycle. The greater number of times packages are released during a month increases the amount of checking required.
The whole point of stable/testing/unstable is so that the packages filter to stable slowly.
Quit your whining.