Hi,

On 10.07.2013 13:59, Sébastien Luttringer wrote:
> 7) Security
> Debian is not more secure because their software is old. It's a lie.
> Check the number of open flaws in the security bug tracker[10].
> If you want to be in a secure environment stay up-to-date, don't use
> Debian stable, use Debian sid. So Archlinux is a good alternative.

Nevertheless, they have a policy as well as a team dedicated to these issues in place. Along with this comes a well-accredited mailing list informing you about current issues. Other "server distros" such as RHEL (and/or CentOS) have something very similar.

As already pointed out, Arch might not push all minor security releases into the official repositories. Especially in the case of a new major kernel release, minor versions didn't always make it into the repositories in the past. I can totally live with this on my PC, but on a server I expect a little bit more on this front.

I don't think that you can seriously consider something to be a "server distro" without a dedicated security policy and/or team, which will follow the known databases and/or mailing lists, making absolutely sure that any security patches make it into the appropriate packages. One reason we all love Arch is because it doesn't heavily patch any packages. Therefore I'm not sure whether it is suited as a "server distro" at all.

That said, I'm using it myself on a couple of servers. However, they are not publicly accessible, but are only serving their local networks. As pointed out, the experience is a little bit different compared to "conservative" distributions like Debian, but not necessarily worse. There were updates in the past that broke a few things here and there, but generally speaking updates work just fine. And when upgrading packages to new versions, you will always run into problems. With Arch you can tackle them one by one, whereas with Debian and its derivatives you have to tackle them all at once with the next "dist-upgrade".

Best regards,
Karol Babioch