Conversation

The Linux distro model is antithetical to security on a desktop system. It's security anti-vax where you get old, hacked-up software, because package maintainers insist on doing the equivalent of "their own research" instead of just promptly shipping upstream security fixes.

GIF

read image description

ALT

Replying to

but that's only if you assume it's about security, right? if you're coming at it from a stability perspective, it might be pretty sensible. if upstream makes a breaking change, and it's your responsibility that old software keeps working with zero churn for the user...

Replying to

and

This results in a lot more pain for the user in the long term since they need to deal with a massive amount of breaking changes across a bunch of software at the same time when all of them jump many versions ahead together. Good luck figuring out source of regressions, etc.

11:44 PM · Oct 7, 2021Twitter Web App

Replying to

and

I find that it's dramatically less work to use a distribution following along with the latest stable releases without applying any substantial changes to the software. I use the current upstream LTS branch for Linux kernel, nginx, etc. It's far more work to try delaying change.

Replying to

and

On a distribution like Debian, the whole base OS consists of their messed up frankenstein packages with ancient frozen base code, a small subset of security fixes backported and a whole bunch of their misguided changes and weird configuration/scripting frameworks wrapping it.

Show replies