Search Mailing List Archives
[liberationtech] Fwd: [greg at pryzby.org: Ubuntu, Dash, Shuttleworth and privacy]
blibbet at gmail.com
Wed Feb 20 14:29:58 PST 2013
> Anyway, we are free to choose what fit our requirements.
Is there any formal academic research on the topic of distro
stability/quality/security, with any listed attributes/requirements?
On one hand, corporate control tends to spyware backdoors. On the other,
volunteer control could have other problems, like the Debian OpenSSL
port PRNG issue.
What are the other main characteristics to look for in a
community-controlled distro, for signs of a trustworthy, secure platform?
Going to the other extreme of Debian community size, what about
one-person projects? Some of the PET-centric distros are maintained by
just a single person. Is that better, or worse? I'd tend to think that a
>1 team would be better.
Another factor is security/trust issues from the uptream distro, if any.
If The Upstream Vendor (TUV) is a corporate-controlled one, you have to
hope that the downstream community-controlled fork is able to identify
any corporate-inserted spyware. It also may benefit from their presumed
For example, will Ubuntu Privacy Remix defang this new upstream Dash
spyware feature, if UPR is still alive and ever updates to 12.x?
Even if TUV is community-based, like many are (Debian, or Gentoo, or
Ubuntu), you have to now trust that their code, or that the downstream
distro fixes things to your liking.
It would be nice if the EFF or some other org would poll their users,
asking them for their favorite distro, and which characteristics caused
PS: Earlier I implied that Mint is corporate-controlled, but it appears
I was wrong, and they appear community-controlled. Sorry, Mint!
More information about the liberationtech