[Arm-netbook] Logging and journaling

Julie Marchant onpon4 at riseup.net
Sat Feb 11 14:43:11 GMT 2017


On 02/11/2017 08:21 AM, Luke Kenneth Casson Leighton wrote:
> https://www.theregister.co.uk/2017/01/24/systemd_flaw/
> 
> "Newer" versions of systemd deployed by Fedora or Ubuntu have been
> secured, but Debian systems are still running an older version and
> therefore need updating.
> 
> systemd is a suite for building blocks for Linux systems that provides
> system and service management technology. Security specialists view it
> with suspicion and ***>>>complaints about function creep are not
> uncommon<<<***.
> 
> https://betanews.com/2016/10/07/systemd-vulnerability-linux-crash/
> 
> The reason he has decided to disclose the bug publicly was to bring
> further attention to problems with a widely used component in Linux
> called systemd that Ayer believes is "defective by design".
> 
> However, others believe disclosing such a bug without first contacting
> systemd's developers is irresponsible. Ayer was critical of systemd
> for being overly complex and made the argument that Linux developers
> have "fallen behind other operating systems in writing secure and
> robust software".
> 
> https://cve.mitre.org/cgi-bin/cvekey.cgi?keyword=systemd

This is all FUD. Of course systemd ends up with vulnerabilities because
of bugs. So does Linux, Bash, OpenSSL, SSH, Apache, etc. Debian responds
to those vulnerabilities by fixing them. There is no fundamental
difference with systemd.

If you want to talk about vulnerabilities, a years-old snapshot of
Debian Testing is almost certainly *filled* with vulnerabilities all
over the place, and only technically minded people will know how to fix
them, because this is an old Testing snapshot. So in the name of
"ethics" where it's somehow unethical to distribute a 100% libre program
you don't like, you'll be giving any non-technical users an insecure
system that they don't know how to update, and if they do find out how,
they'll just be left wondering why it wasn't updated in the first place.
Most likely, they'll assume that you are incompetent or just don't care.

And this is especially bad considering that of all the distros you
offered, Debian is the most user-friendly, if you distribute *stable,
stock* Debian. That was the only reason why I ordered some Debian cards.
Knowing that you are not delivering what I want to be on the card that
I'm going to give to my mother, I see now that this was completely
pointless. I'm going to have to do all of the work to make sure she has
a system she can use properly because you refuse to cooperate just by
delivering the current, stable, stock Debian.

This is not something that personally affects me very much; I should be
able to figure out how to install Debian on my own, and I was planning
to do so anyway. But you are making it needlessly difficult for your
project to succeed by taking this zealous hardline stance against
systemd; it means that only retailers that know how to install whatever
OS the user wants (e.g. Think Penguin) will be able to sell anything
that non-technical people can use. You can forget your dream of having
EOMA68 hardware on Wal-mart's shelf in that case.

-- 
Julie Marchant
https://onpon4.github.io

Protect your emails with GnuPG:
https://emailselfdefense.fsf.org
