That's the nature actually of modern technological security, that no, we should never be confident. The trouble is that people are assaulted with commercial communications about what technology is; and what security is in that line of communications, is reliance on commercial organizations.#1 Post by Diesel330 » 2024-11-22 13:08
...
if they don't supervise the kernel I think they shouldn't be so confident, they couldn't be actually
Check this out for example: https://bashify.io/i/N42K4b_screenshot_ ... 5_15_53_12
This is a picture of the default mitigations for cpu vulnerabilities built in to debian's kernel. That information is available globally, and publicly, and anyone can look at it, and identify holes in our defenses relying on the default debian kernel.
Not only can they observe the default kernel (the core of each of our operating system, which is an interface to the most critical aspects of our systems security) configuration's cpu vulnerability mitigations, but they can observe wide ranging and in depth aspects of our entire system configuration, as it is definitively an open source project, and strives to meet the requirements of an open source project.
The whole issue of technological security is a matter that requires extraordinary expertise to competently comprehend and implement, and that includes auditing of source code, and the operations of applications such as the linux kernel, but it is an issue reserved for the top experts in the field of technology in general. So while Debian is a distribution of Linux, and a collection of free software mainly, including GNU, and many other programs, it is part of a greater community of developers that do constantly work to improve the security of their own systems, and the software we rely on every day.
So again, security is not an issue, to ever become "confident" about, it's a constant daily struggle, and requires that the people who use technological applications take proactive measures to secure themselves, and their systems, far beyond what merely auto-updates can do for them in that regard.
Statistics: Posted by gamingondebian — 2025-01-05 21:08 — Replies 9 — Views 544