Announcement

Collapse
No announcement yet.

Debian 12 "Bookworm" Installer Alpha 1 Released

Collapse
X
 
  • Filter
  • Time
  • Show
Clear All
new posts

  • #11
    Originally posted by discordian View Post
    apt-get dist-upgrade? What's the issue?
    Official releases (including alphas and betas of the installer) are almost always better than the installer generated automatically (which I used). Even if there wasn't any QC/testing on the release, formal releases have components that are probably all in the same development stage.

    Comment


    • #12
      Hilarious to see people complaining about kernel version when it's only 30 minutes to download the latest version from kernel.org, import the .config file and build their own.

      Comment


      • #13
        Originally posted by nist View Post
        Maybe Debian has the less amount of spywares included in its products by default: geoclue should be the only. Others are features of applications. For instance, Network Manager has the feature "connectivity-check" (it's also a spyware without any doubt).
        You are insane if you think NetworkManager pinging a web server to see if you're actually online or not is "spyware".

        Comment


        • #14
          Originally posted by mxan View Post

          You are insane if you think NetworkManager pinging a web server to see if you're actually online or not is "spyware".
          Yes, I'm insane. ANd it is a spyware too.

          Comment


          • #15
            Originally posted by nist View Post

            Yes, I'm insane. ANd it is a spyware too.
            Your package manager is also "spyware" by that logic. You run `apt update && apt upgrade` and now Debian has your IP address and a list of all the packages on your system! ZOMG!

            Comment


            • #16
              Originally posted by mxan View Post

              Your package manager is also "spyware" by that logic. You run `apt update && apt upgrade` and now Debian has your IP address and a list of all the packages on your system! ZOMG!
              A spyware is a program that send data throu the internet connection without previous agreement. Good or bad intentions are irrilevant, only the personal and effective agreement is rilevant.

              Don't talk about Debian, because other famous distros do worst. I know. I know what I'm saying.

              Comment


              • #17
                Originally posted by ATLief View Post

                Official releases (including alphas and betas of the installer) are almost always better than the installer generated automatically (which I used). Even if there wasn't any QC/testing on the release, formal releases have components that are probably all in the same development stage.
                the effect of the Installer ist minimal (aslong as it can do its job). Other than maybe having some packages installed that arent default anymore, WE all life under one apt! (Bern some time since i used the installer, i usually Just debootstrap and Copy that over)

                Comment


                • #18
                  Originally posted by nist View Post
                  Maybe Debian has the less amount of spywares included in its products by default: geoclue should be the only. Others are features of applications. For instance, Network Manager has the feature "connectivity-check" (it's also a spyware without any doubt).
                  This is a very good point. I don't know if "Spyware" is the best term to use, but I can not agree more than software components such as 'geoclue.service' put users at risk by exposing/leaking information on the host to the 3ed parties WITHOUT giving users a meaningful way to control or to disable it's functionality.
                  What's even worse, there is no disclosure or warning that a peace of code in your host facilitating such functionality.

                  As a matter of a standard practice, not even a part of separate effort to harden Debian based hosts, we routinely disable geoclue.service as a part of the OS install.
                  One more important note, 'geoclue' is a code that makes it's way in to Debian through Gnome environment, and something to be addressed with a Gnome foundation directly. (has been done, to no avail).

                  Debian distro with out the Gnome (a typical instance with a primary purpose to run as a server) does NOT come with geoclue.service present on the system.

                  Comment


                  • #19
                    Originally posted by mxan View Post

                    Your package manager is also "spyware" by that logic. You run `apt update && apt upgrade` and now Debian has your IP address and a list of all the packages on your system! ZOMG!
                    When apt package invoked, such action requires user interaction on the system with root privileges. By doing so, it is assumed user and specially root, knows and understand the result of such action.

                    When geoclue.service sends network request to the 3ed parties servers (mozilla for example), it does it in the background, with out disclosing, asking, warning, giving any options to the user!
                    And that is very much consistent with a type of behavior exhibited by the software commonly viewed as a spyware.

                    While the intent and the purpose of the geoclue.service is know and understood, network activity resulted from geoclue.service is absolutely can be leveraged as an attack vector.
                    Coupled with it's stealthy (to the local host user(s) on a desktop type PC with Gnome UI ) presence WITH OUT any control mechanism with in the Gnome UI... is a very legitimate concern.

                    For users, who have a reasons to believe they might be a target of the state sponsored surveillance - journalist, activists, people with a sensitive national security related jobs, Gnome desktop contain software components that bluntly disregard users privacy, something that most users of for the most part safe and secure operating systems like Debian would not expect to be the case.

                    So, disregarding comment of who might be insane or not, security and privacy is very legitimate concern and a good cause for a public conversation. A polite and respectful conversation I hope.

                    Comment

                    Working...
                    X