Focus on Linux
Re: Re: Red Hat vs Debian Linux: overall security Dec 13 2006 12:19AM
tubbs wispdirect com
Only question is, why leave all of the packages you don't need installed after installation. Is this a Desktop installation, or a server installation?
I have vast experience with Ubuntu (debian derived) and FC1-5.

After an install on ubuntu you can simply do a:
pkg-query -W --showformat='${Installed-Size} ${Package}\n' | sort -nr | less

And start: apt-get remove --purge <package name>
on all of the packages not needed.

Also, ubuntu seems to announce vulnerability fixes to the lists far quicker than RedHat (if redhat ever even announces a fix). Ubuntu also include them into their package repository much quicker.

With that said, and due to the topic description, I won't even stress the fact that Ubuntu/Debian Desktop is far more stable than Fedora Desktop, not only tested by me, but by dozens of other workstations near mine (nvidia driven).

You can only really judge security based on non 3rd party package inclusion, and also after your fw rule-sets are in place along with all other policies... otherwise you're the total opposite of openbsd which includes no packages by default :) and has never been hacked after a default install... oh wait, I forgot about the ssh exploits... and the others not to mention.

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus