What's the security trade-off of using Arch, which gets the latest patches and seemingly likes to rely on developers' repos, versus getting the latest builds with new and exciting bugs? That is, Debian has a "stable" branch that is, to most people, excessively so. But security wise, you're pretty sure it's got less vulns than their "testing" branch. How does this compare to Arch, which goes for bleeding edge and unashamedly breaks now and then? On 13/10/14 14:35, danimoth wrote:
On 13/10/14 at 03:50pm, Georgi Guninski wrote:
lol :)
https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/00...
USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS package. This update fixes the problem.
We apologize for the inconvenience.
Don't trust distro that do not use vanilla packages (like Debian, of course).
Try to trust who build vanilla packages; usually developers know much more on their software than an anonymous packager.
For example, I cite ArchLinux [1] where it is clear that they take patches directly from [2].
Have a nice day
[1] https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bash&id=6faff0d7b1cc951d8bf949b142d070788a8f56e2 [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
-- Twitter: @onetruecathal, @formabiolabs Phone: +353876363185 Blog: http://indiebiotech.com miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM