No! By easier to maintain it means "apt-get update; apt-get dist-upgrade" which is freaking neat!
You can say what you want about Debian, but their apt system is exceptional! Especially between versions.

2014-04-04 12:18 GMT+02:00 Tito Mari Francis Escaño <titomarifran...@gmail.com>:

> By easier to maintain, it means having regular task of patching the system
> here or there a.k.a. job security for system administrators :)
>
>
> On Fri, Apr 4, 2014 at 3:13 PM, Eric Furman <ericfur...@fastmail.net> wrote:
>
>> On Fri, Apr 4, 2014, at 01:47 AM, Martin Braun wrote:
>> > The particular issue didn't compromise the web server it only compromised
>> > the web application, but yes that made me look deeper into operating
>> > systems and security. I even tested FreeBSD Jails, but let's not go there.
>> >
>> > I used OpenBSD back in the 3.x days, but eventually began using Debian
>> > because it was much easier to maintain - yes, I compromised quality over
>> > convenience.
>>
>> Easier to maintain?? How?
>> This has not been my experience.
>>
>> >
>> > Theo thank you for your reply. My mail was not meant in any negative way, I
>> > just didn't understand it.
>> >
>> > Having all these always-enabled-security settings of course makes a big
>> > difference!
>> >
>> >
>> > 2014-04-04 6:24 GMT+02:00 Theo de Raadt <dera...@cvs.openbsd.org>:
>> >
>> > > > On Thu, Apr 3, 2014 at 10:04 PM, Martin Braun <yellowgoldm...@gmail.com> wrote:
>> > > >
>> > > > > As we all know on the front page of OpenBSD it says "Only two remote holes
>> > > > > in the default install, in a heck of a long time".
>> > > > >
>> > > > > I don't understand why this is "such a big deal".
>> > > > >
>> > > >
>> > > > Because their shit don't stink? Unlike other distributions that are
>> > > > defective upon install?
>> > > >
>> > > > You cannot understand why that is not a big deal?
>> > >
>> > > https://lists.debian.org/debian-user/2014/03/msg00795.html
>> > >
>> > > On Mar 13, 2014 11:06 PM, "Martin Braun" <yellowgoldm...@gmail.com>
>> > > wrote:
>> > >
>> > > Hi
>> > >
>> > > I have recently experienced a server being "hacked" due to a security
>> > > problem with a PHP application that made it possible for the "hacker"
>> > > to gain a web shell.
>> > >
>> > >
>> > > Software security is a tricky thing. If Martin's PHP got hacked, it
>> > > is likely he does not have a strong understanding of the underpinnings
>> > > of how holing happens. That's fine. I don't tune my engine either.
>> > >
>> > > 1) Some attacks are possible because of rather simple logic errors
>> > > in the software.
>> > > (**** everyone makes logic errors...)
>> > >
>> > > 2) Other attacks involve extremely complex mechanisms, and depend
>> > > upon memory layout conditions that can be guessed or controlled
>> > > by an attacker. This attack surface received significant attention
>> > > starting around 2001.
>> > >
>> > > (**** this is where OpenBSD's efforts have focused attention, with
>> > > tremendous effect, meaning the mitigations we trailed are now proven
>> > > enough your phones have them enabled system-wide, but your Linux boxes
>> > > do not.)
>> > >
>> > > 3) Other attack mechanisms are based on configuration errors, and
>> > > sometimes default configuration processes trick people into
>> > > those mistakes
>> > > (**** our group argues for simpler setups, shrug)
>> > >
>> > > 4) The list goes on, but the above 3 cover the most serious penetrations.
>> > >
>> > >
>> > > None of us know which particular combination of things got Martin's
>> > > environment fried.
>> > >
>> > >
>> > > I hazard a guess that he can't believe that a group exists who have
>> > > focused on this for 20 years, with such success over 10 years.
>> > >
>> > >
>> > > Obviously other software groups are better financed...
>> > >
>> > >
>> > > Anyways, it is possible to succeed.
>> > >
>> > > The explanation is simple, we traded about 5% of application
>> > > performance for built-in ALWAYS-ENABLED security mitigations that we
>> > > found in research papers, or elsewhere, or invented ourselves.
>> > > Because machines keep getting faster, our community barely noticed the
>> > > performance loss.
>> > >
>> > > But they notice that they were not getting holed.
>> > >
>> > > That's worth praising.
>> > >
>> > >
>> > > Good god, Ubuntu says you can "Start, drag, drop, deploy, done!"
>> > > Unbelievable, how pathetic a claim. You go get 'em, Martin...