Announcement

Collapse
No announcement yet.

Mageia 8 Released - Flips On AMDGPU For Older GCN GPUs, Better ARM Support

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • aht0
    replied
    Originally posted by Vistaus View Post

    And just for the record: I'm not a Megaia fanboy. In fact, I've never even used Mageia, Mandriva or Mandrake - I just base my arguments on the evidence that I can see in statistics, commits and whatnot since it's FOSS.
    Mandrake Linux was for me 2nd distro to use after Red Hat 5.2 back in the day. It was kind of natural migration because Mandrake originated from Red Hat and it wasn't all that different yet under the hood.

    I am pretty sure that 90% of posters in this very thread have never used Mandrake/Mandriva/Mageia and just troll/spread FUD because it's not one of their "things everyone should use".

    Leave a comment:


  • Vistaus
    replied
    Originally posted by GdeR View Post

    Really, I'm no Debian fanboy (I'm more on the Fedora/RHEL side), but I wouldn't compare Mageia to Debian. If anything, that's the reliability I was talking about that can't be guaranteed based on what even one of their main developers said: https://www.reddit.com/r/linux/comme...eb2x&context=3
    And just for the record: I'm not a Megaia fanboy. In fact, I've never even used Mageia, Mandriva or Mandrake - I just base my arguments on the evidence that I can see in statistics, commits and whatnot since it's FOSS.

    Leave a comment:


  • aht0
    replied
    Originally posted by piorunz View Post
    That's what under-developed distro fan brings when he have no arguments ?
    No, that's literally what I as a "normally BSD user" would do when I have older computer that can't take Win10 for a user who needs user-friendly distro. I'd put Mageia on it. Used to be Mint (because it could take official openEID packages made for Ubuntu).

    Leave a comment:


  • piorunz
    replied
    Originally posted by BronzeBeard View Post

    I'm not going to waste too much time, but let's break down some of your arguments.

    OK, Debian has 1000 auditors, auditing software on the system. Great. What software does Debian write that requires audit? Answer is very little. First party wise, they have a few installers and a lot of scripts.

    Mostly they're auditing third party programs. 50,000 as you said. Let's look at the last 5 DSA's announced on this page:

    python-aiohttp <- Third party program
    nodejs <- Third party program
    firefox-esr <- Third party program
    screen <- Third party program
    openldap <- Third party program

    Anytime there is a CVE or update to third party core software, Debian package builders will update the packages src, build them, test them, and ship them out.

    If the Debian security auditors find a bug, they'll fix it, and then upstream it. The upstreamer takes the patch, rolls out a new version, and then guess what happens? That's right, other Distros get the CVE or update. Their package builders update the src, build, test, and then ship it out.

    The end result is whatever Debian fixes with their 1000 man security team is likely to end up in Mageia and any other distro out there.

    You are correct, Mageia probably doesn't have the man power to audit third party programs at scale. But to be honest with you, they don't need to. Any security issues Debian finds with their 1000 man army, will end up fixed in Mageia and other distros as a result. (Even BSDs, Mac, Windows, etc get the benefit of these audits.)

    Also by that token, you might want to dump Debian and use Red Hat. IBM has 13,500 paid employees, working full time in and around the system. Lot more man power, fixes, and even software comes out there.




    FYI, Debian SELinux would be the correct answer to my question, but then you're losing a whole bunch of functionality.

    Remember, Linux distros are 99.5% a collection of third party programs. Most of them GPL. So long as the third party programs are up-to-date, and built sanely, you have about as secure as you will need for a desktop machine.

    Servers are another story. Mageia isn't really a server OS.
    Thanks for taking your time replying me, I really appreciate it. Just one correction: Debian has 1000 active developers. Security team and audit team has undisclosed number of people working on it.

    Leave a comment:


  • BronzeBeard
    replied
    Originally posted by piorunz View Post

    https://www.debian.org/security/

    Here. Have a read. How Mageia compares to that?
    Do they have dedicated security team?
    Do their security team fixes packages, where maintainers can't, like in Debian?
    Do they have security audits, by separate team?
    Do they maintain stable and old stable releases, with security team cherry picking and maintaining fixes from upstream?
    Do Mageia coordinate work of 1000 devs and 50000 packages, so Debian works and all distros based on it are working fine?
    No. Mageia can't do nothing with 3 devs working in free hours on the project. That's they difference between Debian security and Mageia.
    I'm not going to waste too much time, but let's break down some of your arguments.

    OK, Debian has 1000 auditors, auditing software on the system. Great. What software does Debian write that requires audit? Answer is very little. First party wise, they have a few installers and a lot of scripts.

    Mostly they're auditing third party programs. 50,000 as you said. Let's look at the last 5 DSA's announced on this page:

    python-aiohttp <- Third party program
    nodejs <- Third party program
    firefox-esr <- Third party program
    screen <- Third party program
    openldap <- Third party program

    Anytime there is a CVE or update to third party core software, Debian package builders will update the packages src, build them, test them, and ship them out.

    If the Debian security auditors find a bug, they'll fix it, and then upstream it. The upstreamer takes the patch, rolls out a new version, and then guess what happens? That's right, other Distros get the CVE or update. Their package builders update the src, build, test, and then ship it out.

    The end result is whatever Debian fixes with their 1000 man security team is likely to end up in Mageia and any other distro out there.

    You are correct, Mageia probably doesn't have the man power to audit third party programs at scale. But to be honest with you, they don't need to. Any security issues Debian finds with their 1000 man army, will end up fixed in Mageia and other distros as a result. (Even BSDs, Mac, Windows, etc get the benefit of these audits.)

    Also by that token, you might want to dump Debian and use Red Hat. IBM has 13,500 paid employees, working full time in and around the system. Lot more man power, fixes, and even software comes out there.




    FYI, Debian SELinux would be the correct answer to my question, but then you're losing a whole bunch of functionality.

    Remember, Linux distros are 99.5% a collection of third party programs. Most of them GPL. So long as the third party programs are up-to-date, and built sanely, you have about as secure as you will need for a desktop machine.

    Servers are another story. Mageia isn't really a server OS.
    Last edited by BronzeBeard; 28 February 2021, 02:45 AM. Reason: I suck at grammar.

    Leave a comment:


  • piorunz
    replied
    Originally posted by BronzeBeard View Post

    Please show me where Debian is any more or less secure than Mageia.

    Debian auto compiles updates to third party software just like pretty every other distro out there. Including Mageia. It doesn't take a thousand people to update sudo and push it to your users.
    https://www.debian.org/security/

    Here. Have a read. How Mageia compares to that?
    Do they have dedicated security team?
    Do their security team fixes packages, where maintainers can't, like in Debian?
    Do they have security audits, by separate team?
    Do they maintain stable and old stable releases, with security team cherry picking and maintaining fixes from upstream?
    Do Mageia coordinate work of 1000 devs and 50000 packages, so Debian works and all distros based on it are working fine?
    No. Mageia can't do nothing with 3 devs working in free hours on the project. That's they difference between Debian security and Mageia.

    Leave a comment:


  • BronzeBeard
    replied
    Originally posted by piorunz View Post

    That's what under-developed distro fan brings when he have no arguments ?
    Please show me where Debian is any more or less secure than Mageia.

    Debian auto compiles updates to third party software just like pretty every other distro out there. Including Mageia. It doesn't take a thousand people to update sudo and push it to your users.
    Last edited by BronzeBeard; 27 February 2021, 09:06 PM.

    Leave a comment:


  • piorunz
    replied
    Originally posted by aht0 View Post
    These folks who lament about it's supposed lack of "security" - want security go use OpenBSD or shut up. Desktop Linux is last place to search it from.
    That's what under-developed distro fan brings when he have no arguments ?

    Leave a comment:


  • aht0
    replied
    Originally posted by nist View Post
    I've installed Mageia today from the Plasma live version. How easy the installation process is! Very straight and fast. Just two questions. And one modification I made in live where ported to the installed system. If I also consider that the package manager is good, and that the Mageia Control Center is a wonderful program to manage many things, there is no reason to suggest this distro to everyone. Many famous distros are overrated in my opinion.
    I remember when Mandrake was the only Linux distro user oriented. No more another one like that.
    Mageia Control Center is a nice piece of software, actually useful for controlling basic desktop/OS functions through graphical UI while not being either over-simplified or over-complicated. And it still looks nice by design. Been that way since Mandrake (which preceded Mandriva). Also it's openEID support (for whom it matters) is excellent. Ubuntu or Debian are metaphorically not even in same building by it's user-friendliness, not to mention being anywhere close. When it comes to openEID (national ID authentication/signing) official support (Ubuntu by government order) is worse than Mageia's (which works OTB). It's closest to coherent experience some Linux desktop distro can offer - Ubuntu can sit its multiple haphazard config utilities in itself, it still does not lose the impression of software puzzle sewed together.

    These folks who lament about it's supposed lack of "security" - want security go use OpenBSD or shut up. Desktop Linux is last place to search it from. Measures promoting user-friendliness and convenience run counter to common security practices. You can add dozens or hundreds of layers of code over potential holes but it's still patch upon patch masquerading as security. More piled-down patchwork code = also can mean more chances somebody would find some hole and way to use it. My 2c.
    Last edited by aht0; 27 February 2021, 08:09 PM.

    Leave a comment:


  • piorunz
    replied
    Originally posted by Vistaus View Post

    It's only bad security-wise if they would only release security updates through new images, but that isn't true: they release them timely through the update manager. In fach, Mageia 7 has had more security updates then Debian Stable, go figure.
    Comparing Debian with 1000 active developers, to Mageia... How many are there? 3?
    Debian has security update when there is a problem to fix. That's the whole point. BSD distros go for months without any new security holes, therefore no updates.

    Leave a comment:

Working...
X