dear Envite, On Sun, 01 Mar 2015, envite wrote:
> Being here, I wonder: > Can Devuan be a security-aware, privacy-aware distro? Devuan 1.0 is not yet there: until then we are not building a lot of character beyond being systemd-free and fork-friendly. We do inherit a lot from Debian, especially for the privacy aware part. Yet simplicity and transparency mean better security. There are many opsec and pentesting professionals I know who believe that, even if systemd would be written by the best coders on Earth, with its entry by default in Debian we are facing the opening of a huge attack surface due to bugs not yet foreseen and to behaviour of its users who aren't aware of its functioning just yet. It may be just a matter of statistics if we compare the probability of a new bug to appear in the 20 year old way to do things and the 2 year old way. Therefore I dare to say that Devuan is more security-aware than Debian for two main reasons: it keeps the status-quo and it doesn't engages deployement of a new core component that exists only since a few years. On top of that also consider we are doing our best to contain the attitude of GNOME and other DE developments which are spawning daemons like there is no tomorrow, polluting the process tree and making it very difficult to know what is what... ciao -- Jaromil, Dyne.org Software Foundry (est. 2000) We are free to share code and we code to share freedom Web: https://j.dyne.org Contact: https://j.dyne.org/c.vcf GPG: 6113 D89C A825 C5CE DD02 C872 73B3 5DA5 4ACB 7D10 Confidential communications: https://keybase.io/jaromil _______________________________________________ Dng mailing list Dng@lists.dyne.org https://mailinglists.dyne.org/cgi-bin/mailman/listinfo/dng
