AMLJ | # 11 | 2011-02-20, 12:25 | Report

Fedora uses default SELinux policies, which you can get on Debian as well. (not sure about ubutnut)

It doesn't work "really". They just want to say that they have installed it for you, but they haven't. Installing SELinux is not hard, neither is using the default policies. The hard part, is choosing wise policies as an admin...
If one is concerned about security, they should never use a distro like Fedora.
Debian is the best choice for getting security. Red Hat is not bad, but still, Debian is more stable.

zimon | # 12 | 2011-02-20, 12:44 | Report

I consider deb-based distributions unsafe as long as they use deb-package system and people use dpkg to install packages even once. Like we see in talk.maemo.org many people does it.

I find it plain stubbornness that Debian doesn't change to rpm-package system, because rpm is recommended by LSB and it is technically better than deb. RPM-system uses transactions and GPG signatures are embedded in the software packages, which in practice seem to be more secure way because quite often people install packages using wget, ftp or usb-stick transfer and without embedded GPG-signature there is a much higher risk of Trojans to get in the system without noticing.

It doesn't really matter to end users cosmetically what package system is in use, so I do not just understand the stubbornness of Debian developers. It wouldn't make Debian systems worse, but it would make Linux distributions more compatible with eachothers.

retsaw | # 13 | 2011-02-20, 12:46 | Report

*cough*OpenSSH*cough*

AMLJ | # 14 | 2011-02-20, 13:08 | Report

Debian users either download packages from debian.org, which you can trust, or using apt-get and aptitude.

And even though I find deb better than rpm in many ways, there are more important factors for choosing a distro, and saying which one is better, than the package manager.

zimon | # 15 | 2011-02-20, 13:20 | Report

No, you cannot trust just a hostname. Ever heard of MITM attacks? For example maemo repositories are not even behind https.

My stubbornness argument stays. I never heard any rational or technical reasons why deb-systems insist to stay using deb and be somewhat incompatible from rest of the LSB-systems.

Also in Fedora (and all Linux distros) there are applications developed in deb-based system, and I feel little insecure when I know those same developers do install software packages without checking for authentication correctly. (I've seen it happen here in talk.maemo.org also).

---

Last edited by zimon; 2011-02-20 at 13:22.

retsaw | # 16 | 2011-02-20, 13:23 | Report

Yes, like choosing one that doesn't have package maintainers that introduce security holes by patching things they don't understand.

For the record, I use Ubuntu 9.10 on my netbooks and Archlinux on my desktop/MythTVbox, and I set up the Maemo SDK in a Ubuntu-based VM on my desktop (although I haven't done anything with it yet).

AMLJ | # 17 | 2011-02-20, 13:43 | Report

Debian doesn't need to do what is standard... It was one of the first 3 distros which were made, and which are bases of GNU/Linux.
Right now, it is still the most secure, most stable, and the most reasonably-free distro.

I suggest pure Debian to everyone... Well, because I like you all, but it's sometimes a bad idea...

Copernicus | # 18 | 2011-02-20, 14:03 | Report

Ah, I started out with Slackware too. I don't think you would have too much trouble with any of the various flavors of Linux, but the Nokia guys do mention the Ubuntu distribution by name; so, odds are they've done all their testing with that one.

I currently use Fedora on most of my boxes, but I went ahead and installed Ubuntu on one of them specifically for use with the SDK; I figured it'd be good to get some experience with a Debian-based distribution. (Although I am a long time supporter of open source software, I have never been a real fan of Richard Stallman, and the Debian folks seem way way way too shrill in their support of all things Stallman. At least in Fedora land, you're still allowed to say "Linux" without being forced to prepend "GNU" to it...)

AMLJ | # 19 | 2011-02-20, 14:45 | Report

Well, it's wrong, and that's the reason some Debian users don't like it. Linux is the kernel, not the OS... Debian gives you an option of using GNU/kFreeBSD too, although I prefer Linux to to its better development, and better hardware support.

Alex Atkin UK | # 20 | 2011-02-20, 15:36 | Report

Its only wrong if you are coming from the GNU side, for everyone else its perfectly viable. The fact there is such a big debate what is the right way to refer to Linux is proof enough to me that there is no wrong/right way, its just the GNU folks spitting their dummies out because want the recognition for making Linux what it is today. I'm not saying they do not deserve that recognition, but if its at the cost of confusing the end-users and as such stifling the use of Linux by novices, they are just hurting themselves in the long run.

By their logic Ubuntu is GNU/Linux but Maemo or DD-WRT is not, because they are using BusyBox and so the core OS may not be using GNU at all. Exactly how much GNU codebase do we need to be running to call it GNU/Linux? What should we call Maemo and DD-WRT? By branding them all as Linux you get the point across, that they are for all intents are purposes the same tools, even if the underlying code might be from different sources. The end user doesn't need to know if they are using GNU coreutils or not and in fact it just confuses them. Do we really want to get back to the confusion of the DOS ages? That won't help anyone.

I mean just think, its perfectly possible to start off with a none-GNU Linux (is Maemo an example of this?) and then turn it into GNU/Linux by installing the GNU coreutils, etc. That is just plain confusing and should not mean you suddenly have to refer to your distribution differently unless its specifically relevant to a problem you are having. If that is the "right" way to do things, I am happy to be doing it wrong.

---

Last edited by Alex Atkin UK; 2011-02-20 at 16:00.