Stability vs. Security

Post by debbo » 2020-08-16 17:52

Hi everyone,

I am a long-time Ubuntu user considering switching to Debian.

As far as I understand, Debian is more stable with packages going through a long testing phase. As a matter of fact, this is exactly what I am looking for.

I am just somehow concerned about packages not receiving security updates in a timely manner. For example, Chromium 84 was released in mid-July (fixing 38 security issues, one being critical). Yet buster is still on version 83 (https://packages.debian.org/buster/chromium) while other distributions have already provided updates.

Would you consider this a general trade-off for Debian packages that comes with increased testing or is chromium for some reason a special case? I like Debian's emphasis on stability, but if I have to choose between stability and security, I will take the latter any day.

Re: Stability vs. Security

Post by Head_on_a_Stick » 2020-08-16 18:09

The Debian Security Team is very good at pushing fixes in a timely manner but firefox-esr seems to fare better in that respect than chromium. Not sure why.

And note that "stable" in Debian refers to the package version flux, it is not a synonym for "reliability".

Re: Stability vs. Security

Post by Deb-fan » 2020-08-16 18:49

Due to the long testing period Debian gnu/nix has to be both those things to great extent, stable and secure. Browsers are kind of a special case, it's good you even caught that situation with chromium. Being the most used application on PCs, think web browsers should receive more attention and care. Debian can be both the things you're after though, the development process involved assures users of that. Still nothing's perfect, not even Debian, close ... Still requires competent users. A system is only as secure or stable, as we make it. :)

Re: Stability vs. Security

Post by Deb-fan » 2020-08-16 19:56

Oops, afterthought.

Mention that I tend to advocate special care when it comes to web browsers. Has to be, is a major factor in system security. The Debian development process and the main focus being producing the stable branch OS, seems that newer versions of xyz-browser can get overlooked at times. My solution is going outside the normal channels to do for myself. Pretty much the entire time using gnu/linux have gotten Firefox directly from Mozilla and run it from my user's home directory. Thus automatically receive updates as soon as they come out.

Chrome adds its own repo (or did) so same, Opera remember needing to add a repo for it, then same thing, minimum delays between when updates are put out and applied. People don't have to wait on a particular pkg maintainer to ensure they've got the latest security fixes for their browser(s). Would even consider apt-pinning if needed to make sure browsers always latest. Newest version of Firefox is found in unstable, likely same for Chromium too. Anyone really concerned about running browsers without latest patches does have options.

People packaging all this software clearly overall do a great job but doesn't hurt to do for yourself either. :)

Re: Stability vs. Security

Post by stevepusser » 2020-08-17 03:39

Chromium seems to be more difficult to build correctly than most other browsers. I backported the 84.0.4147.105 that was in Experimental a few days ago, but it crashed like chrazy, and I see that it's since been removed from upstream. Last month, a crashy version of chromium did make it into Buster security for a few days, but a patched update fixed that.

Re: Stability vs. Security

Post by debbo » 2020-08-17 16:26

Thank you for all your replies!

From what Head_on_a_Stick said, I take it that security fixes are usually provided fast. I can live with manually installing and updating two or three programs where security fixes are not so easy to provide such as chromium, though I hope that it is not necessary to bypass the package manager for a greater number of packages.