00:38 <uwumeowmeownyaa> remiliascarlet: would you mind telling the reason why you consider CRUX GNU/Linux distribution to be vulnerable? As for me, it has the least attack surface due to small number of packages installed...

00:40 <uwumeowmeownyaa> Also, there are not many packages on the CRUX GNU/Linux package manager, so chances of accidentally installing a backdoor are lower.

03:20 <remiliascarlet> uwumeowmeownyaa: Well, if it has a Linux kernel, it's vulnerable. But that's not what I meant. I meant that if packages or ports are available at a rolling release schedule, it'll cause breakages in the long run. Plus you're compiling everything from source every time, which creates a lot of overhead if lots of people visit your server. Both are fine for desktop use, but not for server use.

11:11 <cruxbot> [xorg/3.7]: [notify] xorg-server: updated to version 21.1.14

11:12 <cruxbot> [opt/3.7]: libnl: updated to version 3.11.0

11:12 <cruxbot> [opt/3.7]: fetchmail: updated to version 6.5.0

11:42 <cruxbot> [opt/3.7]: openmp: 19.1.2 -> 19.1.3

11:42 <cruxbot> [opt/3.7]: lld: 19.1.2 -> 19.1.3

11:42 <cruxbot> [opt/3.7]: compiler-rt: 19.1.2 -> 19.1.3

11:42 <cruxbot> [opt/3.7]: llvm: 19.1.2 -> 19.1.3

11:42 <cruxbot> [opt/3.7]: lldb: 19.1.2 -> 19.1.3

11:42 <cruxbot> [opt/3.7]: libclc: 19.1.2 -> 19.1.3

11:42 <cruxbot> [compat-32/3.7]: llvm-32: 19.1.2 -> 19.1.3

11:42 <cruxbot> [opt/3.7]: clang: 19.1.2 -> 19.1.3

13:09 <uwumeowmeownyaa> remiliascarlet: I don't believe that rolling release model can lead to breakages. In contrast, Debian is known to have applied patches that compromised Debian users. The most outstanding case was when Debian maintainers decided that they know a lot about cryptography, effectively ruining it. As for the compilation from sources causing havoc because it happens every time a user queries the server... "Skibidi dop dop yes yes", as some

13:09 <uwumeowmeownyaa> would say.

13:18 <remiliascarlet> uwumeowmeownyaa: Compromised is not the same as broken.

13:19 <remiliascarlet> I mean in terms of "today this binary works, 1 update later and the binary suddenly no longer works, because 1 library it depends on got updated, therefore I need to re-compile the binary for it to work again".

13:20 <remiliascarlet> The most common problem of dynamic linking, and also the most commonly ignored one.

13:21 <uwumeowmeownyaa> Looks like compiling things from sources can save one from such issues.

13:23 <remiliascarlet> In what way exactly?

13:24 <remiliascarlet> Dynamic linking is like communism; sounds nice on paper, but is an absolute disaster in reality.

13:26 <remiliascarlet> The promise is that a library needs to be updated once, and it gets updated in all binaries automagically. The reality is that it leads to such changes that binaries get confused and/or can't find the library anymore becaused the versioning is different, which leads to all binaries depending on that library to get re-compiled again.