• danA
      link
      fedilink
      arrow-up
      4
      ·
      edit-2
      1 year ago

      Definitely on Debian, and I think on Ubuntu too.

      Package maintainers can be slow to update packages though. Debian have a separate security team that get patches out ASAP, and those packages go into a separate security repo. I imagine Ubuntu does the same. It’s that security team that only deals with “official” packages, meaning anything that’s not in contrib, non-free, or non-free-firmware.

      • interceder270@lemmy.world
        link
        fedilink
        arrow-up
        1
        arrow-down
        1
        ·
        1 year ago

        To me, it looks like Debian and Ubuntu are both secure but you have to pay extra to make Ubuntu at least as secure as Debian.

        • danA
          link
          fedilink
          arrow-up
          1
          ·
          1 year ago

          What you’re paying extra for are timely security updates for community-maintained packages that aren’t an official part of the OS. Debian doesn’t provide that for free either. Debian doesnt provide it at all since they don’t have any paid options.

            • danA
              link
              fedilink
              arrow-up
              1
              ·
              edit-2
              1 year ago

              No. All the official packages in the main repo get security updates from the Debian security team.

              Only the packages in contrib, non-free and non-free-firmware don’t have official security updates and rely on the package maintainers. These are not considered part of the Debian distro, and I don’t even have them enabled on my servers.

              Out-of-the-box, Debian only enables the main repo, plus the non-free-firmware one if any of your devices require it (e.g. Nvidia graphics, Realtek Bluetooth, etc). You have to manually enable contrib and non-free, and by doing that, it’s assumed you know what you’re doing.

              In the case of non-free and non-free-firmware, they can be closed source software (like the Nvidia drivers) or have a non-open-source license that doesn’t allow distributing modified versions. In those cases, the Debian team is unable to patch them even if they wanted to.