
worst linux distributions

7 minutes ago, SCHISCHKA said:

Well, that is an oversimplification. I don't know what you mean by UNIX core; they're just adhering to the POSIX standards. MacOS shares code with other projects so it's only part BSD

An oversimplification, but the truth if we're going to consider the core security of an OS that doesn't perform package signing by default. To be clear, I'm actually a half Windows half Debian user, so I enjoy my share of Linux administration and know my way around a Terminal Shell quite well.

 

POSIX Standards were formed in the 1980s after Unix paved the way back in the 1970s at AT&T Bell Laboratories, closely associated with XEROX Palo Alto Research Centre. (Now known as PARC Labs.) Nothing wrong with that actually; it's very good that we have OS standards to properly develop API calls. I also find it a bit ironic that Richard Stallman, the voice of the Free Software Foundation, is also the one behind the GNU License and the Free Software movement, yet OSes following POSIX standards (which was renamed by Stallman) don't follow anything to do with the Free Software Foundation. :P

 

Also, I only said macOS is based on BSD; obviously it's vastly different now, and actually ran the Mach kernel for a while, which was developed in part by a Microsoft engineer. :D What I'm saying here is even though OSes are all different, they all share a common core.


4 minutes ago, kirashi said:

An oversimplification, but the truth if we're going to consider the core security of an OS that doesn't perform package signing by default. To be clear, I'm actually a half Windows half Debian user, so I enjoy my share of Linux administration and know my way around a Terminal Shell quite well.

 

I don't think package signing or anything will ever be a default on Linux. Who would be the authority that would do the signing?


19 minutes ago, SCHISCHKA said:

I don't think package signing or anything will ever be a default on Linux. Who would be the authority that would do the signing?

You don't even need an authority to do package signing; some devs have started to issue their own PGP keys. Now, that's not as safe as actually having a signing authority check and sign code, but when you're using a mirror, it's better than not having any form of code signing.

 

For instance, Spotify on Linux does use the Ubuntu keyserver to authenticate its installation package, which is a really good way to do things. I don't know if this costs them money or not, but I think more devs should use a similar approach, and either sign things with an official source, or at least use the same site for their packages. https://www.spotify.com/download/linux/


1 hour ago, kirashi said:

You don't even need an authority to do package signing; some devs have started to issue their own PGP keys. Now, that's not as safe as actually having a signing authority check and sign code, but when you're using a mirror, it's better than not having any form of code signing.

 

For instance, Spotify on Linux does use the Ubuntu keyserver to authenticate its installation package, which is a really good way to do things. I don't know if this costs them money or not, but I think more devs should use a similar approach, and either sign things with an official source, or at least use the same site for their packages. https://www.spotify.com/download/linux/

I guess the major distributions could set up their own trusted CA for Linux applications, and developers could get their key signed by Debian/Red Hat et al.
