All--- And I thought the RedHat list I subscribe to was active!
I'm considering a switch from RH 6.2 to Debian stable for a dual-processor workstation I use for crunching numbers and making graphs/plots with GMT. I'm thinking about the move because I just can't keep up with manual updates on RH, and apt-get seems to be a whole lot more time-effective way to keep my system secure. I've purchased the Debian disks, but before I invest this amount of time into setting up Debian, I want to make sure that I've made the right decision. If someone could please answer my questions from an informed and preferably unbiased position (hard to come by in forums where GNU/Linux or BSD are discussed), I'd MUCH appreciate it. 1) In a couple of places, I've seen people criticize Debian's security because the stable release uses 'out-of-date' packages. My understanding is that Debian developers apply security patches to 'older' packages, while leaving the 'bleeding edge' features out. All other things being equal, will RH 7.1 or Debian Potato be more secure? My belief is that security comes down to a maintenance issue -- and with Debian it will be easier to keep up with security patches. 2) I've found that it is really easy to find/get help on RH questions -- i.e., there are a lot of books in print that focus on RH. Can anyone give me titles for essential Debian books? 3) I want to have a system that is as secure as possible without sacrificing usability. Where can I get good guidance on securing Debian? I understand the importance of shutting off non-essential services, using ssh in place of ftp and telnet, etc. I know this could draw the ire of some, but has anyone worked up a 'cookbook' type approach whereby a new Debian user can secure the system and learn a bit about security issues at the same time (I'm thinking of something along the lines of Bastille Linux -- but a typed out list of things to check for would suffice). Thanks for your help and advice in advance -- from what I read, Debian is the way for me to go. Let me know your thoughts on this. Thanks, Bryan
