How can one trust a Linux distribution?
Hello.
Maybe we cannot get 100% certainty, but even so, how could the average user afford to have reasonable trust in a certain GNU/Linux distro? By ‘average user’ I mean someone who can only do a base install and is not an IT professional and therefore cannot inspect the source code by themselves, nor use/understand specialized tools for analyzing the software in detail; a ‘newbie’, in other words.

Simply saying something like “Hey, look, the code is freely available there on the web!” does not really help, because one cannot easily find out if that code is exactly the same as the one that is in the compiled file. Making a parallel with the food industry: If you know that after an audit company X was found to be mismatching the ingredients in the actual product with those on the product’s label, how much would you be inclined to still buy and eat their product, assuming decent alternatives exist? Hopefully this topic will help more people make an informed decision when choosing their operating system.

What answers would not help are those:
- dealing solely with the nature of closed/proprietary code vs free/open source code (that area is already clear – we are interested in how much we can trust a free open source project)
- stating only that ultimately it is impossible to have trust in any software (such an answer does not help one make an informed decision)
- off-topic or derogatory statements (such an answer, besides being offensive, does not help one make an informed decision)

Please, keep the topic on the Linux distros, on the operating system; do not divert it to how Google and Facebook are the greater concerns etc.

Let’s try to put this query into a few more concrete questions:
1. Considering Ubuntu’s susceptibility of spyware (Amazon searches in Unity) in the recent past, how can one have faith that current Ubuntu is to be trusted on other, more hidden to an average user, levels of software?
2. How would distributions based on Ubuntu be affected by such practices? Could they correct the bad parts?
3. Is it relevant in this context of trust how much patching a distro does to the upstream sources?
4. Based on what concrete factors would you trust a distro with your personal data on a daily basis? Why would you trust one distro over another? |
On the other hand. An average user who seeks to advance somewhere will open her/his eyes and her/his ears wide enough to gain the sovereignty needed to put precise questions. For the general palaver, try a web-search in Usenet discussions since the 1990s. It is all there. Though mostly unrelated to Linux distributions, the outcome of all those brainstorms is significant in any security-related context. What's nebulous? Am I nebulous? |
Surely part of the problem with Ubuntu is that it is marketed by a company and that makes it Windows-like in some respects. Yes, it's free software, but Canonical (like Microsoft) are ultimately in the business of making money, and this might create a conflict of interest with the users. They can't legally use some of the tricks that MS uses to swindle their users but there is always the temptation to use others. Of course that could apply to Red Hat too, and I'd be interested to know what Fedora users think about this.
For myself, I prefer distros like Debian that are run by community organisations, but that might just be a reflection of my socialist upbringing ;). |
https://www.linuxquestions.org/quest...ty-4175544821/
Short answer: if you're concerned about Ubuntu, then don't use it or its derivatives.
Longer answers:
|
I can't vet the source code, but there are plenty of people who can and a lot of them work on distros as developers! At least someone can see what's in it, unlike with Windows.
If you want to be ultra-careful, use distros that make a point of using vanilla code, like Slackware, Arch, Gentoo, and their derivatives like Salix and Manjaro. But that policy might rule out enterprise distros like Red Hat / CentOS, where bug-fixes have to be backported to avoid using newer, less tested versions of programs. |
Hello again and thank you for taking the topic seriously.
I tried Debian, but I didn't have quite the satisfactory experience. There were still bugs in the Xfce version and they are not very friendly to newcomers either. These two facts alone influence trust, don't you think?
That old topic was not quite the same as this one. A distro may have good security features and still spy on its users. The two possibilities are quite compatible. Let me put it in different words: You may hire a guard for your house but that guard may still record your behaviour and sell it to interested parties for some extra cash. You may have nothing to hide, of course, but even so, is it fair? Should others simply ignore similar happenings?
..... Be well. |
To add to the conversation, if you are really against Ubuntu with their Amazon integration, then why not go to one of its derivatives, or better yet use Debian.
edit: Secure distros do not spy on the user, they are made with security in mind, and to protect the user from any threat that is out there. Qubes is a good example of this. |
one word: community - communication.
oh, that was two words. if that was the case, word would get out pretty quick. as it does. no, nothing is 100%, but this is as near as it gets. before installing software, look what the community has to say about it. if it was phoning home, word would get out. as it usually does. now, getting a good signal-to-noise ratio on the internet, that's a different thing. might take a little practice. |
Again, you are confusing system security with browser/internet security. And no matter what you're talking about, security IS A PROCESS. You don't say "I'm loading Debian 8.43.23.4432 with this SPECIFIC kernel and these SPECIFIC settings and I will now be 100% SECURE FOREVER!". It doesn't work that way. Threats evolve...either you change with them or get caught by them. A 'secure' browser from ten years ago is swiss cheese now. The most current crypto/browser NOW will be that way in 2027. |
Of course. None of my relatives cares, and I do not want to show nothing, especially not any kind of wonderland (hey, I am no US-American!)... don't know what distro X is. Are we in a comic strip? I would not do anything of what you suppose I should do sometimes. Ignore the possibility... Yes, indeed.
- How can one trust a Linux distribution
Formulate precise questions to someone who knows stuff and draw your conclusions. Ω |
BTW... There are a lot of open source developers on this forum... How can you be >>100%<< sure about what they say ;) |
Another reason is that once a security vulnerability is found in Linux it is usually patched or fixed or otherwise within a few days. Microsoft as an example only releases major patches on certain days of the month if I recall, they don't patch immediately upon finding something. That alone tells me which I should trust. |
We should not care, some say. Yes, let’s not care what we eat, what treatments the doctors prescribe us, nor how much the companies which we support and encourage by using their products pollute the environment etc. etc.

“Those who would give up essential Liberty, to purchase a little temporary Safety, deserve neither Liberty nor Safety.” (Benjamin Franklin)

I thank only those who took the topic seriously and tried to address the concept of trust as it was requested by the initial post, without resorting to arrogance and truisms. This topic may be closed now. Farewell. |
Member response
Hi,
GNU/Linux is not Windows;
Have fun & enjoy! |
And if you don't realize that security is a process, and want to go on about how it is an 'arrogant truism', there is again nothing else we can tell you. |