[Tfug] Debian struggling with security

Matthew Eskes meskes at azcomputercentral.com
Fri Jul 8 00:46:57 MST 2005


What you have stated I happen to agree with a lot; however, I thought that 
the 2.4 line was by far the "rock" of the two lines, and it is as a matter of 
fact still the same kernel I use on some of my servers. What really concerns me 
is the fact that the devs don't have any pristine source to base their work 
from and are making changes to an evolving and not as well tested source. I 
personally think that their deving has gotten to the point to where all they 
are caring about more is getting the product out rather than working all the 
bugs out. I don't know, call me ignorant and hard headed, it wouldn't be the 
first time. :) As far as 2.4 not feeling "right", I would like to have more 
explanation on that since I started out on the 2.2 kernel line and thought 
that the 2.4 line was very nice and straightforward in configuration and 
compilation. Anyhoo, I don't know. Just thinking out loud for now, trying to 
get and give suggestions and opinions.

Matt


----- Original Message ----- 
From: "Brian Murphy" <murphy+tfug at email.arizona.edu>
To: <tfug at tfug.org>
Sent: Thursday, July 07, 2005 11:52 PM
Subject: Re: [Tfug] Debian struggling with security


> Quoting Matthew Eskes <meskes at azcomputercentral.com>:
>> You know, to be honest I could have said that the security issues with
>> Linux and Debian were to be expected. When you think about it, Linux (the
>> Kernel, more or less) is really starting to become a big pile of buggy code.
>
>
> It makes it hard to agree/disagree with you when you don't provide any
> specifics.  Since I haven't had any problems, my inclination is to
> disagree and educate you.
>
>
>> Don't get me wrong, I like having all the functionality that it's now
>> providing which really is better than that in the 2.4x line, but I feel that
>> they aren't taking enough time in bugfixes and they are starting to add new
>> features way too fast without fixing any bugs that they may have introduced
>> with them (the infamous w.x.y.z subversioning they now have) and I think
>> that it's starting to affect the overall quality of the kernel.
>
>
> How so?  There are several common "kernels" to discuss.  Perhaps the
> freedom of choice is becoming too much?  You seem to know that
> development is going on in the 2.6.x branch.  Every so often 2.6.x will
> slow down and release a milestone like the recent Linus 2.6.12 kernel.
> This milestone will be "good enough" for most.  As 2.6.x gets more use,
> real bugs with obvious fixes get applied to a 2.6.x.y branch.  By
> definition 2.6.x.y will be more "stable" than 2.6.x.  But if you never
> come across the 2.6.x.y bug condition, the two kernels will behave
> identically for you.
>
> The real point behind all of this is that Linus and other developers
> observed 2 things.  First, developers prefer to be on the leading edge
> code.  And second, linux distribution vendors run a slew of quality
> assurance tests on their packages before releasing them to the masses.
>
> As far as I can tell, solidarity has prevented the 2.6 series from being
> broken into a 2.7 development version.  Linus wanted to keep all of the
> smartest and most active developers in 2.6 for a while.  More eyes and
> experience will get quicker solutions.  Contrast this to 2.4 where
> fixes were first written by primary authors against 2.5 and the boring
> work of backporting was often left for someone else.  I'm sure that I'm
> not alone when I say that 2.4 never felt right to me.
>
> Distribution vendors, especially "enterprise" vendors, put their
> reputation and support behind their distro kernel package.  They run
> quality assurance tests and apply further stabilization patches against
> the vanilla Linus kernel.  General linux wisdom is to run your distro
> kernel if you are ever in doubt or if you want the ultimate in
> stability.  Since you are bothered by the development and w.x.y.z
> kernel versions it doesn't sound like you went this route.
>
>> For those reasons alone, I am starting to think more seriously about
>> switching over to either Free or OpenBSD since they are known to audit their
>> code to no end. I realise that this will not fix all the bugs since there is
>> not one piece of bug-free software, but as I like to say, any small advantage
>> I can get I will take.
>
>
> Free and OpenBSD are analogous to running a linux distribution.  BSD has
> stable and current (development) versions to choose from just like
> debian has stable and unstable options.  Your work patterns and
> hardware will best determine if linux or *bsd is better for you.
>
>
> Brian
>
>
> The opinions or statements expressed herein are my own and should not be
> taken as a position, opinion, or endorsement of the University of
> Arizona.
>
>



