On Wed, Jun 29, 2022 at 1:46 PM Ravi Dwivedi <r...@ravidwivedi.in> wrote:
> Since the below mentioned analysis of Debian's security, and that too
> compared to other distros, is not very well-known outside of Debian
> project

honestly i don't believe it's even widely known *in* the debian project
[quite how damn good what they have is, compared to everything else]

> (it didn't come up in any internet searches, the web of trust
> gets mentioned but there is not much explanation on it), I suggest
> writing it somewhere in Debian wiki or blog post.

my replies on this topic keep getting filtered. annoyingly.

http://lkcl.net/reports/wot/
http://lkcl.net/reports/wot/Makefile
http://lkcl.net/reports/wot/wot.tex
http://lkcl.net/reports/wot/wot.pdf

> I am willing to write that as well if the Debian project does not have
> any problems.

patches welcomed to the above (or links to it).

yes, debian has a "perception" problem. there are plenty of complaints
"But It's Rubbish Because It's So Long To Releases" and the complainers
basically have f***-all knowledge of precisely *why* debian's is both
resilient and stable, or quite how much work went into making that happen.

but to be honest with NixOS developers *genuinely* believing both that
their distro is "secure" as well as "The World's First Reproducible Build
Distro", given that they had absolutely no idea that debian and fedora
both started the work on reproducible builds over 8 years ago,

https://archive.fosdem.org/2014/schedule/event/reproducibledebian/

without which NixOS couldn't even begin to make its incorrect claims,
and that the NixOS developers had never even seen the wiki page nor
the build graph,

https://wiki.debian.org/ReproducibleBuilds

this indicates that there's a much bigger perception problem for debian
that goes way beyond just security and the web-of-trust.

how to fix that? honestly i have no idea. should debian developers even
care, and just get on with what they do best? (serious question!)

l.