Ubuntu's QA and skills at patching

Cathal Garvey cathalgarvey at cathalgarvey.me
Mon Oct 13 12:08:13 PDT 2014


What's the security trade-off of using Arch, which gets the latest
patches and seemingly likes to rely on developers' repos, versus getting
the latest builds with new and exciting bugs?

That is, Debian has a "stable" branch that is, to most people,
excessively so. But security-wise, you're pretty sure it's got fewer
vulns than their "testing" branch. How does this compare to Arch, which
goes for bleeding edge and unashamedly breaks now and then?

On 13/10/14 14:35, danimoth wrote:
> On 13/10/14 at 03:50pm, Georgi Guninski wrote:
>> lol :)
>>
>> https://lists.ubuntu.com/archives/ubuntu-security-announce/2014-September/002679.html
>>
>> USN-2363-1 fixed a vulnerability in Bash. Due to a build issue, the patch
>> for CVE-2014-7169 didn't get properly applied in the Ubuntu 14.04 LTS
>> package. This update fixes the problem.
>>
>> We apologize for the inconvenience.
> 
> 
> Don't trust distros that do not use vanilla packages (like Debian, of
> course).
> 
> Try to trust those who build vanilla packages; usually developers know much
> more about their software than an anonymous packager.
> 
> For example, I cite ArchLinux [1] where it is clear that they take
> patches directly from [2].
> 
> Have a nice day
> 
> [1]
> https://projects.archlinux.org/svntogit/packages.git/commit/trunk?h=packages/bash&id=6faff0d7b1cc951d8bf949b142d070788a8f56e2
> [2] http://ftp.gnu.org/gnu/bash/bash-4.3-patches/
> 

-- 
Twitter: @onetruecathal, @formabiolabs
Phone: +353876363185
Blog: http://indiebiotech.com
miniLock.io: JjmYYngs7akLZUjkvFkuYdsZ3PyPHSZRBKNm6qTYKZfAM