[liberationtech] Fwd: [greg at pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
micah anderson
micah at riseup.net
Wed Feb 20 07:49:52 PST 2013
danimoth <danimoth at cryptolab.net> writes:
> On 19/02/13 at 11:48am, Lee Fisher wrote:
>> I'd suggest one that is fully-controlled by the community, like
>> Debian, or another one of your preference.
>>
>
> Anywhere in the world I won't use Debian, because of the fact that
> packages shipped are modified and patched a lot. That means other people
> (packagers) are doing the job of developers, and like all people that
> doesn't do their job, sometimes errors happen (do you remember the
> PRNG?).
Developers never made a mistake leading to a security problem, so
Debian's one mistake in 2006 should be forever trotted out as an example
of how Debian sucks, good point.
Sorry, but this distinction between Developers doesn't make sense, many
Debian *Developers* are developers themselves, often upstream to the
packages that they are shipping.
> We (as users) should require vanilla packages, or at least patched with
> patches from official developers (e.g. we have 1.2.0 bugged, meanwhile
> 1.2.1 is out we should have 1.2.0 patched).
You are free to do that, but please let us know how that goes. My
experience is that your hardline requirement is not realistic.
micah
More information about the liberationtech
mailing list