Hi Cathal,

I do not want to start a flame-war, just my opinions inline.

On 13/10/14 at 08:08pm, Cathal Garvey wrote:
> What's the security trade-off of using Arch, which gets the latest patches and seemingly likes to rely on developers' repos, versus getting the latest builds with new and exciting bugs?
You're assuming that new releases == new bugs; my assumption is new releases == new bugs fixed. You're right (in a general sense) when the updated software has new features; new features always have new bugs (but major number version advancement does not often happen).
> That is, Debian has a "stable" branch that is, to most people, excessively so. But security-wise, you're pretty sure it's got less vulns than their "testing" branch. How does this compare to Arch, which goes for bleeding edge and unashamedly breaks now and then?
What I really hate is the "I'm better than developers" mentality. What I want is to use the latest version from official developers (e.g. latest version of OpenSSL, right now at 1.0.1i) and not an old version patched with pieces of code taken from later releases (e.g. OpenSSL 1.0.1e in Wheezy). The focal point is really simple: I do not trust packagers who heavily edit the software they are packaging (Debian, Arch, Mint... no differences here) because I consider the software developers the only ones who can "safely" (<-- take it with a grain of salt) make modifications to their software.

D.