Comments on: Red Hat’s Obfuscated Patches Harm Small GNU/Linux Players and Help Microsoft/Novell
http://techrights.org/2011/04/02/james-whitehurst-addressed/
Free Software Sentry – watching and reporting maneuvers of those threatened by software freedom
Fri, 25 Nov 2016 09:41:40 +0000

By: Dr. Roy Schestowitz http://techrights.org/2011/04/02/james-whitehurst-addressed/comment-page-1/#comment-114066 Mon, 04 Apr 2011 18:14:31 +0000

If one depends on Debian’s well-tested patches, then there might be a delay between ‘real’ patch and Debian patch. But otherwise, people can always patch using whatever comes from the original source. I had this discussion in London some days ago. Calling Debian “the least safe Linux distro” is odd to me too.

By: twitter http://techrights.org/2011/04/02/james-whitehurst-addressed/comment-page-1/#comment-114063 Mon, 04 Apr 2011 18:03:12 +0000

Calling Debian the “least safe Linux distro” is sort of like calling flint the most toxic of metamorphic rocks and glasses. I’m particularly wary of articles that complain that free software does not have tools that non-free software inevitably needs to make up for monocultural flaws and code staleness. Olympic athletes can use crutches too but generally don’t rate themselves on their ability to use them. Until we see successful attacks in the wild, most of these security articles are an academic exercise at best and FUD at worst.

There’s a lot to recommend Debian. Complexity is itself a flaw that leads to exploitation and Debian sensibly avoids this unless forced. Debian also is one of the most package rich and platform diverse distributions, diversity that is both useful and protective. When and if there’s a problem, the Debian community can and will deploy these alternate tools.

By: BenderBendingRodriguez http://techrights.org/2011/04/02/james-whitehurst-addressed/comment-page-1/#comment-113907 Sun, 03 Apr 2011 09:20:55 +0000

Roy, do you realize that Debian is at its default the least safe Linux distro out there?

http://labs.mwrinfosecurity.com/notices/security_mechanisms_in_linux_environment__part_1___userspace_memory_protection/

http://labs.mwrinfosecurity.com/notices/assessing_the_tux_strength_part_2_into_the_kernel/

Granted, it was written in September, but I really doubt that Debian changed security-wise.

By: Dr. Roy Schestowitz http://techrights.org/2011/04/02/james-whitehurst-addressed/comment-page-1/#comment-113858 Sun, 03 Apr 2011 00:10:04 +0000

Well, Ubuntu servers that I deploy are X-less. It should not be a problem. Debian is a safe bet, too.

By: David Gerard http://techrights.org/2011/04/02/james-whitehurst-addressed/comment-page-1/#comment-113855 Sat, 02 Apr 2011 23:34:41 +0000

Well, now. This is anecdotal, but … I work for a company that has various web-based applications. These are written in Java. (Yes, we saw the Oracle-Google suit and several people had a good hard think about their career path.) They were running on Solaris, but Oracle is insane and on crack, so I strongly advised my boss and boss’s boss to ignore all our years of Solaris experience and move to Linux post-haste.

We’re going to VM-based hosting. Oracle want £300 to run Solaris on non-Oracle hardware for a year. So we’re going Linux.

The hosting company offered RHEL or … Ubuntu server. We went Ubuntu ‘cos we like Debian and it’s close enough for our purposes. (IT’S JUST RUNNING JAVA.)

Supporting all the hardware ever is a big plus for RHEL … but not so much if people are hosting in VMs. And you know, Ubuntu is free as in beer too. (And you don’t have to put up with the hideous Unity interface on a server.)
