Active Topics
-
Porting apps to Leste (29)
to Maemo 7 / Leste by Arno_11 - 2 days, 20 hrs ago -
Install Fonts in N900 (68)
to Maemo 5 / Fremantle by teroyk - 3 days, 23 hrs ago - more...
|
2011-02-20
, 12:44
|
|
Posts: 1,341 |
Thanked: 708 times |
Joined on Feb 2010
|
#12
|
Originally Posted by AMLJ
I consider deb-based distributions unsafe as long as they use deb-package system and people use dpkg to install packages even once. Like we see in talk.maemo.org many people does it.
Debian is the best choice for getting security. Red Hat is not bad, but still, Debian is more stable.
I find it plain stubbornness that Debian doesn't change to rpm-package system, because rpm is recommended by LSB and it is technically better than deb. RPM-system uses transactions and GPG signatures are embedded in the software packages, which in practice seem to be more secure way because quite often people install packages using wget, ftp or usb-stick transfer and without embedded GPG-signature there is a much higher risk of Trojans to get in the system without noticing.
It doesn't really matter to end users cosmetically what package system is in use, so I do not just understand the stubbornness of Debian developers. It wouldn't make Debian systems worse, but it would make Linux distributions more compatible with eachothers.
| The Following User Says Thank You to zimon For This Useful Post: | ||
|
|
2011-02-20
, 12:46
|
|
Posts: 701 |
Thanked: 585 times |
Joined on Sep 2010
@ London, England
|
#13
|
Originally Posted by AMLJ
*cough*OpenSSH*cough*
If one is concerned about security, they should never use a distro like Fedora.
Debian is the best choice for getting security. Red Hat is not bad, but still, Debian is more stable.
 |
|
2011-02-20
, 13:08
|
|
Posts: 226 |
Thanked: 59 times |
Joined on Sep 2010
@ Mierlo, Netherlands
|
#14
|
Debian users either download packages from debian.org, which you can trust, or using apt-get and aptitude.
And even though I find deb better than rpm in many ways, there are more important factors for choosing a distro, and saying which one is better, than the package manager.
And even though I find deb better than rpm in many ways, there are more important factors for choosing a distro, and saying which one is better, than the package manager.
__________________
AMLJ**0-1-47
AMLJ**0-1-47
|
|
2011-02-20
, 13:20
|
|
Posts: 1,341 |
Thanked: 708 times |
Joined on Feb 2010
|
#15
|
Originally Posted by AMLJ
No, you cannot trust just a hostname. Ever heard of MITM attacks? For example maemo repositories are not even behind https.
Debian users either download packages from debian.org, which you can trust, or using apt-get and aptitude.
My stubbornness argument stays. I never heard any rational or technical reasons why deb-systems insist to stay using deb and be somewhat incompatible from rest of the LSB-systems.
Also in Fedora (and all Linux distros) there are applications developed in deb-based system, and I feel little insecure when I know those same developers do install software packages without checking for authentication correctly. (I've seen it happen here in talk.maemo.org also).
Last edited by zimon; 2011-02-20 at 13:22.
| The Following User Says Thank You to zimon For This Useful Post: | ||
|
|
2011-02-20
, 13:23
|
|
Posts: 701 |
Thanked: 585 times |
Joined on Sep 2010
@ London, England
|
#16
|
Originally Posted by AMLJ
Yes, like choosing one that doesn't have package maintainers that introduce security holes by patching things they don't understand.
And even though I find deb better than rpm in many ways, there are more important factors for choosing a distro, and saying which one is better, than the package manager.
For the record, I use Ubuntu 9.10 on my netbooks and Archlinux on my desktop/MythTVbox, and I set up the Maemo SDK in a Ubuntu-based VM on my desktop (although I haven't done anything with it yet).
|
|
2011-02-20
, 13:43
|
|
Posts: 226 |
Thanked: 59 times |
Joined on Sep 2010
@ Mierlo, Netherlands
|
#17
|
Originally Posted by zimon
Debian doesn't need to do what is standard... It was one of the first 3 distros which were made, and which are bases of GNU/Linux.
No, you cannot trust just a hostname. Ever heard of MITM attacks? For example maemo repositories are not even behind https.
My stubbornness argument stays. I never heard any rational or technical reasons why deb-systems insist to stay using deb and be somewhat incompatible from rest of the LSB-systems.
Also in Fedora (and all Linux distros) there are applications developed in deb-based system, and I feel little insecure when I know those same developers do install software packages without checking for authentication correctly. (I've seen it happen here in talk.maemo.org also).
Right now, it is still the most secure, most stable, and the most reasonably-free distro.
I suggest pure Debian to everyone... Well, because I like you all, but it's sometimes a bad idea...
__________________
AMLJ**0-1-47
AMLJ**0-1-47
 |
|
2011-02-20
, 14:03
|
|
Posts: 1,986 |
Thanked: 7,698 times |
Joined on Dec 2010
@ Dayton, Ohio
|
#18
|
Originally Posted by casketizer
Ah, I started out with Slackware too.
I got me a nice old workstation (x86) and want to slap Linux on it for Maemo5 SDK/Cross Compiler. Which Linux should I use? Debian, or ubuntu, or another one? I used to be slackware fan but atm I dont have any Linux box...
I don't think you would have too much trouble with any of the various flavors of Linux, but the Nokia guys do mention the Ubuntu distribution by name; so, odds are they've done all their testing with that one.I currently use Fedora on most of my boxes, but I went ahead and installed Ubuntu on one of them specifically for use with the SDK; I figured it'd be good to get some experience with a Debian-based distribution. (Although I am a long time supporter of open source software, I have never been a real fan of Richard Stallman, and the Debian folks seem way way way too shrill in their support of all things Stallman. At least in Fedora land, you're still allowed to say "Linux" without being forced to prepend "GNU" to it...)
| The Following 2 Users Say Thank You to Copernicus For This Useful Post: | ||
|
|
2011-02-20
, 14:45
|
|
Posts: 226 |
Thanked: 59 times |
Joined on Sep 2010
@ Mierlo, Netherlands
|
#19
|
Originally Posted by Copernicus
Well, it's wrong, and that's the reason some Debian users don't like it. Linux is the kernel, not the OS... Debian gives you an option of using GNU/kFreeBSD too, although I prefer Linux to to its better development, and better hardware support.
Ah, I started out with Slackware too.
I currently use Fedora on most of my boxes, but I went ahead and installed Ubuntu on one of them specifically for use with the SDK; I figured it'd be good to get some experience with a Debian-based distribution. (Although I am a long time supporter of open source software, I have never been a real fan of Richard Stallman, and the Debian folks seem way way way too shrill in their support of all things Stallman. At least in Fedora land, you're still allowed to say "Linux" without being forced to prepend "GNU" to it...)
__________________
AMLJ**0-1-47
AMLJ**0-1-47
|
|
2011-02-20
, 15:36
|
|
Posts: 716 |
Thanked: 303 times |
Joined on Sep 2009
@ Sheffield, UK
|
#20
|
Its only wrong if you are coming from the GNU side, for everyone else its perfectly viable. The fact there is such a big debate what is the right way to refer to Linux is proof enough to me that there is no wrong/right way, its just the GNU folks spitting their dummies out because want the recognition for making Linux what it is today. I'm not saying they do not deserve that recognition, but if its at the cost of confusing the end-users and as such stifling the use of Linux by novices, they are just hurting themselves in the long run.
By their logic Ubuntu is GNU/Linux but Maemo or DD-WRT is not, because they are using BusyBox and so the core OS may not be using GNU at all. Exactly how much GNU codebase do we need to be running to call it GNU/Linux? What should we call Maemo and DD-WRT? By branding them all as Linux you get the point across, that they are for all intents are purposes the same tools, even if the underlying code might be from different sources. The end user doesn't need to know if they are using GNU coreutils or not and in fact it just confuses them. Do we really want to get back to the confusion of the DOS ages? That won't help anyone.
I mean just think, its perfectly possible to start off with a none-GNU Linux (is Maemo an example of this?) and then turn it into GNU/Linux by installing the GNU coreutils, etc. That is just plain confusing and should not mean you suddenly have to refer to your distribution differently unless its specifically relevant to a problem you are having. If that is the "right" way to do things, I am happy to be doing it wrong.
Last edited by Alex Atkin UK; 2011-02-20 at 16:00.
By their logic Ubuntu is GNU/Linux but Maemo or DD-WRT is not, because they are using BusyBox and so the core OS may not be using GNU at all. Exactly how much GNU codebase do we need to be running to call it GNU/Linux? What should we call Maemo and DD-WRT? By branding them all as Linux you get the point across, that they are for all intents are purposes the same tools, even if the underlying code might be from different sources. The end user doesn't need to know if they are using GNU coreutils or not and in fact it just confuses them. Do we really want to get back to the confusion of the DOS ages? That won't help anyone.
I mean just think, its perfectly possible to start off with a none-GNU Linux (is Maemo an example of this?) and then turn it into GNU/Linux by installing the GNU coreutils, etc. That is just plain confusing and should not mean you suddenly have to refer to your distribution differently unless its specifically relevant to a problem you are having. If that is the "right" way to do things, I am happy to be doing it wrong.
__________________
http://www.speedtest.net/result/877713446.png
My Websites
CSD Projects - Flickr - UAE4Maemo (UAE4All Compatibility List)
Favourite N900 Applications
Picodrive - UAE4All
Please post your UAE4All compatibility reports. Even better, post them to my UAE4Maemo site!
Not sure how UAE4All works such as mouse emulation? Read the FAQ.
http://www.speedtest.net/result/877713446.png
My Websites
CSD Projects - Flickr - UAE4Maemo (UAE4All Compatibility List)
Favourite N900 Applications
Picodrive - UAE4All
Please post your UAE4All compatibility reports. Even better, post them to my UAE4Maemo site!
Not sure how UAE4All works such as mouse emulation? Read the FAQ.
Last edited by Alex Atkin UK; 2011-02-20 at 16:00.
It doesn't work "really". They just want to say that they have installed it for you, but they haven't. Installing SELinux is not hard, neither is using the default policies. The hard part, is choosing wise policies as an admin...
If one is concerned about security, they should never use a distro like Fedora.
Debian is the best choice for getting security. Red Hat is not bad, but still, Debian is more stable.
AMLJ**0-1-47