On Thu, 2007-11-01 at 10:36 -0600, Boyd Lynn Gerber wrote:
Of course it is doable (see Debian/Gentoo/FreeBSD/Ubuntu) who support up to 22000 packages. The only question is how ;)
Every Distribution/Unix/Linux variant has constraints. I have seen exploits in all of them. Someone has to do the programming and checking. There are not enough paid people on any of the Distribution or OS's to really bring security to a C2 level (US). Novell/SUSE has done a lot in getting security to a great level. Many of the packages in the 22000 have not had a security audit. You still have to trust. I have worked with the Devs on all the BSD variants. Just because they are in the distribution does not make them more secure. I know. I have placed reports and the authors have acknowledged that no security audit has been performed. So please do not make general noise about how great the security is. It is not there.
-- Boyd Gerber email@example.com ZENEZ 1042 East Fort Union #135, Midvale Utah 84047
Interesting view from the inside :). I can imagine that devs don't have time for a full-fledged security audit (reviewing all code manually). And I don't think this is necessary, correct me if I am wrong. Are you only experienced with 'BSD or also with Gentoo/Debian?
And again, I don't have problems trusting repos like openSUSE and packman etc. It's impossible to tell if you can trust some *home repo, which concerns me.