[Tfug] Debian struggling with security

Matthew Eskes meskes at azcomputercentral.com
Thu Jul 7 23:12:47 MST 2005 

I do debug for both Ubuntu and Debian  and my decision comes from actual 
interaction with both of the projects. I have to say that  I dont like the 
direction in which they are going. There are some very major reasons I dont 
like the direction in which they are going  install Breezy Badger, Ubuntu's 
current dev branch and try to run gdb... you will NOT be able to get a 
traceback on the program seeing how the project devs seem to want to strip 
their binaries making it damn near impossible to figure out exactly what the 
hell is going on. It took me a week tracking the bugs down by rebuilding 
packages one by one untill I found out which libs and app was br0k. Even 
though this was a dev branch, the should have STILL not had their apps 
stripped, making it VERY hard to audit. From what I have read the *BSDs are 
very audited and do not suffer nearly as bad from security issues and broken 
programs as the linux world does.  I dont know, not trying to start a flame 
war so if feel that its fine to >insert_retort_here< however Im not trying 
to start a holy war, if I do I apologise now.


Matt


----- Original Message ----- 
From: "Ronald Sutherland" <rsutherland at epccs.com>
To: "Tucson Free Unix Group" <tfug at tfug.org>
Sent: Thursday, July 07, 2005 9:47 PM
Subject: Re: [Tfug] Debian struggling with security


> Hmm... seems to me that with open source software the users are the 
> debuggers. The clever users provide detailed bug reports that guide the 
> moron programmers to the cause of the problem. In this way a user is 
> paying for the code by educating the programmer. Once the programmer is 
> sufficiently educated they may chose to make real monies by developing IP 
> for mister Bill. Unfortunately for Bill the debuggers don't go with the 
> programmer.
>
>
> To sum this up, time and bug reports will fix these problems, but I do 
> wonder if ubuntu has pulled many of the debuggers away form debian.
>
>
> Matthew Eskes wrote:
>
>> You know, to be honest I could have said that the security issues with 
>> Linux and Debian were to be expected. When you think about it, Linux (the 
>> Kernel, more or less) is really starting to become a big pile of buggy 
>> code. Dont get me wrong, I like having all the functionality that its now 
>> providing which really is better than that in the 2.4x line, but I feel 
>> that they arent taking enough time in bugfixes and they are starting to 
>> add new features way to fast without fixing any bugs that they may have 
>> introduced with them ( The infamous w.x.y.z subversioning they now have) 
>> and I think that its starting to affect the overall quality of the 
>> kernel. For those reasons alone, I am starting to think more seriously 
>> about switching over to either Free or OpenBSD since they are known to 
>> audit their code to no end. I realise that this will not fix all the bugs 
>> since there is not one piece of bugfree software, but as I like to say, 
>> any small advantage I can get I will take.
>>
>> Matt
>>
>> ----- Original Message ----- From: "t takahashi" <gambarimasu at gmail.com>
>> To: "Tucson Free Unix Group" <tfug at tfug.org>
>> Sent: Wednesday, July 06, 2005 5:31 PM
>> Subject: Re: [Tfug] Debian struggling with security
>>
>>
>> i was curious whether ubuntu was any different, so i searched for "debian
>> vs. ubuntu".
>>
>> the first item was ian murdoch's blog, where he was critical of a de 
>> facto
>> fork.  i was flabbergasted.   the comments were overwhelmingly
>> of the "debian is history" variety.  could that be just that it was
>> before sarge's release, or is ubuntu taking over?  i was so
>> surprised that i never did find out about whether ubuntu is
>> more or less secure than debian :-).
>>
>
> _______________________________________________
> tfug mailing list
> tfug at tfug.org
> http://www.tfug.org/mailman/listinfo/tfug
>

More information about the tfug mailing list