• corsicanguppy
        link
        fedilink
        arrow-up
        3
        arrow-down
        1
        ·
        1 year ago

        Opencve.

        Also, just hook up to yum and keep that test VM set updating daily.

        EL has been so stable that I’ve had a good portion of the herd cron-yumming for about 20 years now. It’s gone about 2% to shit since systemd and networkmangler and other useless fridge art, but it’s still the easiest method to avoid 95% of problems.

        You may not like the numbers, but 7 THOUSAND consecutive successful update runs is a decent enough track record for me. Make sure to needs-rebooting&&reboot on a decent schedule.

  • Deathcrow@lemmy.ml
    link
    fedilink
    arrow-up
    42
    ·
    1 year ago

    If system security is the most important criteria above everything else, switch to using BSD.

    nice bait mate.

  • uniqueid198x@lemmy.dbzer0.com
    link
    fedilink
    arrow-up
    27
    ·
    1 year ago

    BSD boosterism is a meme, I know, but honestly this is the incorrect take.

    Anything as large and complicated as a kernel has bugs. Some of those bugs may be security related. If security is your concern, you want to use the kernel which has people actively publishing those bugs so they can be patched.

    The fact you haven’t seen privilege escalation vulnerabilities in BSD isn’t necessarily because they aren’t there. We don’t know that. What we do know is that not as many people are looking.

    • Rozaŭtuno@lemmy.blahaj.zone
      link
      fedilink
      arrow-up
      18
      ·
      1 year ago

      The fact you haven’t seen privilege escalation vulnerabilities in BSD isn’t necessarily because they aren’t there.

      aka ‘absence of proof isn’t proof of absence’.

    • Lengsel@latte.isnot.coffeeOP
      link
      fedilink
      arrow-up
      2
      ·
      1 year ago

      That’s the goal of OpenBSD, to prioritize security and actively find ways to crack or break OpenBSD in order to consistently harden it to the point that people at DEFCON conferences have given up trying to hack it due to being such a lengthy process each time only to fail.

  • corsicanguppy
    link
    fedilink
    arrow-up
    14
    ·
    1 year ago

    If system security is the most important criteria above everything else, switch to using BSD.

    Jingoism aside, anyone running enterprise Linux is also not affected.

    So calm down. It’s just the “concept car” versions affected, and your work shouldn’t be calling you for anything.

  • nekat_emanresu@lemmy.ml
    link
    fedilink
    arrow-up
    1
    ·
    edit-2
    1 year ago

    Trippy. I was just tempted to make a post asking about how hard it would be in rust to make a program with high end security and privacy. I decided not to, but then starting to wonder if memory could be put onto the swap file and then edited, and they this post showed up. I thought clearly, without a doubt they would make the swap system near perfect and i shouldn’t worry about that. haha