<uwumeowmeownyaa>
remiliascarlet: would you mind telling the reason why you consider CRUX GNU/Linux distribution to be vulnerable? As for me, it has the least attack surface due to small number of packages installed...
<uwumeowmeownyaa>
Also, there are not many packages on the CRUX GNU/Linux package manager, so chances of accidentally installing a backdoor are lower.
tilman has quit [Ping timeout: 252 seconds]
tilman has joined #crux
mrms has quit [Ping timeout: 260 seconds]
uwumeowm` has joined #crux
swagtoy has quit [Quit: We]
nekobit has joined #crux
gub has quit [Ping timeout: 260 seconds]
mrms has joined #crux
gub has joined #crux
uwumeowmeownyaa has quit [Ping timeout: 252 seconds]
zorz has quit [Quit: leaving]
dusk_ has quit [Ping timeout: 265 seconds]
groovy2shoes has joined #crux
dusk_ has joined #crux
_moth_ has quit [Ping timeout: 260 seconds]
btcgiveaway has joined #crux
frinnst has quit [Ping timeout: 276 seconds]
nekobit has quit [Quit: We]
uwumeowm` has quit [Remote host closed the connection]
<remiliascarlet>
uwumeowmeownyaa: Well, if it has a Linux kernel, it's vulnerable. But that's not what I meant. I meant that if packages or ports are available at a rolling release schedule, it'll cause breakages in the long run. Plus you're compiling everything from source every time, which creates a lot of overhead if lots of people visit your server. Both are fine for desktop use, but not for server use.
SiFuh has quit [Remote host closed the connection]
SiFuh has joined #crux
serpente has quit [Remote host closed the connection]
SiFuh has quit [Remote host closed the connection]
SiFuh has joined #crux
groovy2shoes has quit [Remote host closed the connection]
groovy2shoes has joined #crux
dusk_ has quit [Ping timeout: 260 seconds]
dusk_ has joined #crux
_moth_ has joined #crux
lavaball has joined #crux
ppetrov^ has joined #crux
ppetrov^ has quit [Quit: Leaving]
henesy has quit [Ping timeout: 272 seconds]
gub has quit [Ping timeout: 264 seconds]
z812 has quit [Ping timeout: 264 seconds]
mrms has quit [Ping timeout: 246 seconds]
rbnhn has quit [Ping timeout: 272 seconds]
rbnhn has joined #crux
mrms has joined #crux
zorz has joined #crux
gub has joined #crux
groovy2shoes has quit [Remote host closed the connection]
z812 has joined #crux
zorz has quit [Quit: leaving]
henesy has joined #crux
groovy2shoes has joined #crux
<cruxbot>
[xorg/3.7]: [notify] xorg-server: updated to version 21.1.14
<cruxbot>
[opt/3.7]: libnl: updated to version 3.11.0
<cruxbot>
[opt/3.7]: fetchmail: updated to version 6.5.0
dusk_ has quit [Remote host closed the connection]
zorz has joined #crux
Tedesfo has joined #crux
zorz has quit [Quit: leaving]
uwumeowmeownyaa has joined #crux
<uwumeowmeownyaa>
remiliascarlet: I don't believe that rolling release model can lead to breakages. In contrast, Debian is known to have applied patches that compromised Debian users. The most outstanding case was when Debian maintainers decided that they know a lot about cryptography, effectively ruining it. As for the compilation from sources causing havoc because it happens every time a user queries the server... "Skibidi dop dop yes yes", as some
<uwumeowmeownyaa>
would say.
<remiliascarlet>
uwumeowmeownyaa: Compromised is not the same as broken.
ppetrov^ has joined #crux
<remiliascarlet>
I mean in terms of "today this binary works, 1 update later and the binary suddenly no longer works, because 1 library it depends on got updated, therefore I need to re-compile the binary for it to work again".
<remiliascarlet>
The most common problem of dynamic linking, and also the most commonly ignored one.
<uwumeowmeownyaa>
Looks like compiling things from sources can save one from such issues.
exark has quit [Ping timeout: 248 seconds]
<remiliascarlet>
In what way exactly?
<remiliascarlet>
Dynamic linking is like communism; sounds nice on paper, but is an absolute disaster in reality.
dim44 has quit [Ping timeout: 264 seconds]
groovy3shoes has joined #crux
ardo has joined #crux
<remiliascarlet>
The promise is that a library needs to be updated once, and it gets updated in all binaries automagically. The reality is that it leads to such changes that binaries get confused and/or can't find the library anymore becaused the versioning is different, which leads to all binaries depending on that library to get re-compiled again.
Stealth- has joined #crux
exark has joined #crux
dim44 has joined #crux
groovy2shoes has quit [Remote host closed the connection]