Accessible Distros for a beginner?

Linux for blind general discussion blinux-list at redhat.com
Sat Aug 22 00:21:37 UTC 2020 

You know when it gets really interesting for the Security Teams?  When
they fix one vulnerability and discover they opened up a continuous
chain of vulnerabilities emanating from the fix they just made.  That's
when those teams get to earn their pay.

On Fri, 21 Aug 2020, Linux for blind general discussion wrote:

> Date: Fri, 21 Aug 2020 18:44:29
> From: Linux for blind general discussion <blinux-list at redhat.com>
> To: Linux for blind general discussion <blinux-list at redhat.com>
> Subject: Re: Accessible Distros for a beginner?
>
> The working assumption behind within a reasonable time is that the
> security team either has or finds a good fix for the vulnerabilities
> exposed.  Microsoft which has way better funding than Debian has let
> vulnerabilities continue for months in some cases.
>
> On Sat, 22 Aug 2020, Linux for blind general discussion wrote:
>
> > Date: Fri, 21 Aug 2020 17:10:21
> > From: Linux for blind general discussion <blinux-list at redhat.com>
> > To: Linux for blind general discussion <blinux-list at redhat.com>
> > Subject: Re: Accessible Distros for a beginner?
> >
> > On Fri, 21 Aug 2020, Linux for blind general discussion wrote:
> >
> > > Being way behind in lots of packages means security exposures galore.
> > > Exim was hacked by the Russians already and ssh servers world-wide have
> > > malware attacking them now too.
> >
> > This is why you subscribe to Debian security updates, which should be
> > configured by default.
> >
> > >From their security page:
> >
> >    Debian takes security very seriously. We handle all security problems
> > brought to our
> >    attention and ensure that they are corrected within a reasonable timeframe.
> > Many advisories
> >    are coordinated with other free software vendors and are published the same
> > day a
> >    vulnerability is made public and we also have a Security Audit team that
> > reviews the
> >    archive looking for new or unfixed security bugs.
> >
> > Security fixes are provided for a year after the next stable version of Debian
> > is released.  In practice, this tends to mean that a Debian release will get
> > regular security fixes for three years.
> >
> > Following this, LTS security updates for certain architectures will be
> > provided for an additional two years or so.
> >
> > You can get Debian security notices via email if you wish.
> >
> > For more information, see https://security.debian.org and
> > https://wiki.debian.org/LTS
> >
> > Both Exim and SSh have had several security fixes applied since Debian Buster
> > was released.
> >
> > If you are concerned about a specific vulnerability, you can use its CVE
> > number and the resources at security.debian.org to see if these have been
> > fixed in Debian.
> >
> > For Debian installations, you can also see which security updates have been
> > applied by reading /usr/share/doc/<packagename>/changelog.debian.gz
> >
> > HTH,
> > Geoff.
> >
> > _______________________________________________
> > Blinux-list mailing list
> > Blinux-list at redhat.com
> > https://www.redhat.com/mailman/listinfo/blinux-list
> >
> >
>
>

--

More information about the Blinux-list mailing list