On Mon, 8 Feb 2021 09:57:13 -0500 Dan Ritter <d...@randomstring.org> wrote:
> Celejar wrote:
> > On Mon, 8 Feb 2021 08:36:34 -0500
> > Dan Ritter <d...@randomstring.org> wrote:
> >
> > > OpenWRT's security process doesn't look as terrible as it used
> > > to be, but it doesn't really look good right now, just trying to
> > > be better.
> >
> > Again, let's look at specific examples of vulnerabilities present in
> > both OpenWRT and Debian, and compare the projects' responses. I gave
> > you one timely example: OpenWRT's SA for the dnsmasq vulnerabilities
> > was issued about two weeks before Debian's.
> >
> > You feel that OpenWRT's security process "doesn't look good." Based on
> > what? Can you provide a vulnerability that affects their software that
> > they dropped the ball on?
>
> No, thanks. I don't need to poke at OpenWRT any further.
>
> I already have a Debian firewall that has had good security
> support from Debian since 2014; I see no reason not to continue
> using it until the hardware fails. At that point, I will buy
> another relatively small fully supported Debian box, and carry
> on. Among other benefits, it means that all the machines at home
> have the same procedures and can be used as testbeds for each
> other. E.g. the music-playing machine in the living room is now
> testing out Bullseye.
>
> I can be glad that OpenWRT has improved their security practices
> and simultaneously not be interested in using it.

I think we are really in basic agreement. The reason I use OpenWRT is that I use a residential all-in-one WAP / switch / router, which Debian is unsuitable for. If I ever go the separate WAP / switch / router route, I'll probably use Debian on the router for the reasons you give: good support, a system I'm familiar with, etc.

Celejar