[arch-general] Arch Linux security is still poor....

Denis Kobozev d.v.kobozev at gmail.com
Wed Mar 17 02:06:05 CET 2010


On Mon, Mar 15, 2010 at 5:43 PM, Ananda Samaddar <ananda at samaddar.co.uk>
> Would there be any enthusiasm for a dedicated security team?  I feel
> strongly enough about it that if something can't be done then I'm
> switching to another distro. Despite the fact that I really like Arch,
> it's one deficiency is a pretty glaring one in my opinion.  I hope this
> doesn't turn into a flamefest and my opinions are by no means meant to
> be a slight on the Arch devs or community.

I'm going to chime in and repeat what some of the others have said - I
too would like to see some evidence that Arch as a distro has security
issues other that those that should be fixed upstream. Since Arch
always has the latest versions of software, it should automatically
have all the latest security fixes - there's no need to backport
patches to old versions of software, like Debian does.

Security issues arising from poor default config files should be and
are addressed by individual package maintainers. Again, I'm not aware
of any cases where a maintainer's poor job resulted in a security
issue - probably because each package is a vanilla package and doesn't
contain any customized configs (again, Debian comes to mind).

Best,
Denis.


More information about the arch-general mailing list