Channel: Debian User Forums

Sid safety cause of less control of packages? (daily driving it or not)

Hi folks,

just some short questions concerning the security of Debian sid. AFAIK packages are created by the developers of the package (upstream maintainers) and then the Debian maintainers take over to prepare the package for the repos. Before that, packages are checked by some automated process.

Speaking of sid: How much impact will a situation like the xz backdoor (supply-chain attack) have in this situation?

The packages are rotating at a high speed in Debian sid (bleeding edge).
So, checking all this cannot be done as intensively as in stable, which is absolutely clear to me.

Which leads me to the conclusion that you are at a higher risk when using sid as a daily desktop driver (not from the stability view, but from the security view).

Would you say that this is the way it is because it's sid (and it is not for daily use, it is a developer branch)?

OR

Would you say that my thoughts are (completely) wrong and the security checks are also very good in sid, so e.g. a supply-chain attack should not happen (someone sneaks a malicious package into sid)?

In my opinion this "security problem" may arise for all rolling(-like) distributions because of the high speed of the package rotation.

I also want to point out that this is no criticism, I just want to know what you think. :wink:

Debian is a great distribution and never lets me down! :D

Statistics: Posted by mcdaniels — 2025-01-27 20:24 — Replies 0 — Views 36


