You are not logged in.
- Topics: Active | Unanswered
#1 Re: Devuan » liblzma CVE-2024-3094 » 2024-04-07 20:25:35
That can't be a solution either. Devuan is not the worst choice. I'm sticking to it. The malicious code never made it into stable. Security just needs to become more important in the future. The attacks will get much better. You have to be prepared for that.
#2 Re: Devuan » liblzma CVE-2024-3094 » 2024-04-07 19:56:06
The malicious code arrived in Testing and Unstable. If it recognized that it had landed on a system that does not work with systemd, it did nothing. But it was still there. This is an obvious security problem. Malicious code lurking in the system. Nobody can say if, how and when it can become active and cause damage. Thank God it has been found. But that should be a lesson to us. Security will have to become more important in the future.
#3 Re: Devuan » liblzma CVE-2024-3094 » 2024-04-07 10:56:19
And for the German speakers here, an interesting publication - also in relation to systemd:
https://dnip.ch/2024/04/02/xz-open-sour … wtab-de-de
Perhaps there is someone here who can evaluate systemd against this background.
#4 Forum Feedback » "Security" section » 2024-04-07 05:34:42
- jue-gen
- Replies: 2
Good morning everyone, due to the unpleasant incidents with xz / liblzma, I have the feeling that a "Security" section is missing here in the forum. There are News & Announcements, Forum Feedback, Support etc., but "Security" is missing. Or have I overlooked something? What do you think?
#5 Re: Devuan » liblzma CVE-2024-3094 » 2024-04-06 20:30:59
This publication is also interesting for Devuan because it may confirm Devuan's philosophy:
https://www.wired.com/story/jia-tan-xz-backdoor/
#6 Re: Devuan » liblzma CVE-2024-3094 » 2024-04-03 06:10:47
Here is a timeline of what happened:
https://research.swtch.com/xz-timeline
#7 Re: Devuan » liblzma CVE-2024-3094 » 2024-03-31 08:27:49
Take a look at this:
#8 Re: Devuan » Thank you » 2024-02-01 08:18:30
So far, I have found everything I need at Devuan.
#9 Re: Devuan » Praise for the security updates » 2024-01-26 19:46:10
OK, I'll just keep working with Devuan and trust the people who do it.
#10 Re: Devuan » Praise for the security updates » 2024-01-26 18:30:23
Thank you, quickfur. That must be the case. I've never thought about it before, but I like it.
#11 Re: Devuan » Praise for the security updates » 2024-01-26 17:25:56
Thank you, boughtonp. That was an enlightening explanation, at least for me. Now I understand it better. Yes, "Devuan is Debian".
Addendum:
But when I do an update, it doesn't come from a Debian server. It comes from deb.devuan.org. Do the updates from Devuan come to this repository without delay? That's what makes me happy, everything happens very quickly. How should I imagine that?
#12 Re: Devuan » Praise for the security updates » 2024-01-26 15:23:58
Yes, o.k., altoid. When I think about all this, I'm currently coming to the conclusion that I'm actually stupid if I don't continue working with X11. I assumed that Wayland was less bloated than Wayland. At least that's what I've read several times in various forums. I've also read that Wayland is more cleanly programmed and much clearer. I personally cannot verify these statements. What I do know is that I have more problems with Wayland. For example, when I have to fill in long tables from various authorities online, I only have problems with Wayland because the clipboard doesn't work reliably. And here it's pretty stupid if the penultimate number is pasted instead of the last number you copied. If you have to enter several hindered amounts, you simply can't work with Wayland. OK, I'll continue working with X11 for the time being. Many thanks for the input. I'm still interested in the topic and maybe I can read more interesting thoughts in this forum.
Best regards
#13 Re: Devuan » Praise for the security updates » 2024-01-26 11:31:18
Maybe so, Altoid. I would prefer X11 to be solid and future-proof. As I'm not an expert, I've been reading a lot in forums for years. There, the view that Wayland is more secure is becoming more and more common. For example, because if a window is hijacked, X11 also leaks the data from the other windows to the attacker. Sorry, this is probably not expressed correctly, please bear with me.
But what I'm missing is a really good comparison of the security aspects of X11 and Wayland. I haven't found that anywhere yet. Frankly, I'm looking for some competent confirmation that X11 is at least as secure as Wayland (and furthermore, perhaps: that it has a future). I would appreciate it if someone here could comment on this. I've been using Linux-Debian > Devuan since 2002, but I only work with it, I'm not a programmer or anything like that.
Tell me, Altoid, that X11 in Devuan is at least as secure as Wayland, and I will happily continue to use X11. That would be my favorite thing.
#14 Re: Devuan » Praise for the security updates » 2024-01-26 09:22:24
Yes, that's probably a gap, semil. Although I still have problems with the clipboard, for example, I've only been using Wayland for some time now. It's a stupid situation. Not everything actually works perfectly with Wayland, but with X11 there are apparently security holes that aren't being fixed.
#15 Devuan » Praise for the security updates » 2024-01-25 08:29:53
- jue-gen
- Replies: 19
It's great that security updates are implemented in Devuan with virtually no delay. For example, I currently got the notifications for thunderbird, firefox-esr, chromium on my smartphone from security@debian.org, go to my Devuan computer and all three get an update. That's nice to see and reassuring.
#16 Re: Other Issues » [SOLVED] libvirt / Virtual Machine Manager als root? » 2024-01-24 17:13:34
Thank you 
#17 Re: Other Issues » [SOLVED] libvirt / Virtual Machine Manager als root? » 2024-01-24 12:24:53
Yes, done, stopAI. Does that have any additional benefit?
#18 Re: Other Issues » [SOLVED] libvirt / Virtual Machine Manager als root? » 2024-01-23 20:02:42
Yes, thank you very much FOSSenjoyer! I much prefer it that way, of course.
#19 Other Issues » [SOLVED] libvirt / Virtual Machine Manager als root? » 2024-01-15 08:54:19
- jue-gen
- Replies: 6
Hello everyone, what do you think?:
For example, when I start Heads with libvirt / Virtual Machine Manager, the root password is requested. Is that ok or should it be set up so that libvirt / Virtual Machine Manager can be started as a normal user?
#20 Re: News & Announcements » [SOLVED] Bug in kernel 6.1.64-1 » 2023-12-10 20:09:11
Yes.
uname -a
... 6.1.0-15-amd64 #1 SMP PREEMPT_DYNAMIC Debian 6.1.66-1 (2023-12-09) x86_64 GNU/LinuxAddendum: did this bug break anything for anyone? I can't see that anything is broken here.
Addendum 2: Is this perhaps different with Devuan because no systemd is used?
#21 News & Announcements » [SOLVED] Bug in kernel 6.1.64-1 » 2023-12-10 13:59:29
- jue-gen
- Replies: 3
My Devuan system is running 6.1.64-1. What to do? I have not seen any problems so far.
Debian 12 "Bookworm" was supposed to get its third point release yesterday. Due to a bug in kernel 6.1.64-1, the update to Debian 12.3 has been postponed for the time being. In addition, users of Debian Stable and its derivatives are urgently requested not to perform any upgrades at present. ... :
https://linuxnews.de/debian-stable-bitt … -upgrades/
#22 Re: Installation » [SOLVED] Nightly versions on Devuan » 2023-11-03 21:47:40
That's just asking for frustration and pain . . .
but it is interesting that it also works on Devuan ;-)
Update, 2023-11-05 09:38:
Yes, I just realized it. Constant updates keep everything up to date, but it's a terrible use of resources on the net. It was an interesting experience for me, but I won't be using Nightly any more.
#23 Installation » [SOLVED] Nightly versions on Devuan » 2023-11-03 20:12:05
- jue-gen
- Replies: 2
Nightly versions of Firefox can also be installed and updated on Devuan.
# First, the signature key is imported::
wget -q https://packages.mozilla.org/apt/repo-signing-key.gpg -O- | gpg --dearmor | sudo tee /etc/apt/trusted.gpg.d/packages.mozilla.org.gpg > /dev/null
# Then the fingerprint can be checked. This should be 35BA A0B3 3E9E B396 F59C A838 C0BA 5CE6 DC63 15A3
gpg --quiet --no-default-keyring --keyring /etc/apt/trusted.gpg.d/packages.mozilla.org.gpg --fingerprint | awk '/pub/{getline; gsub(/^ +| +$/,""); print "\n"$0"\n"}'
# The repository is now entered in the source list:
echo "deb [signed-by=/etc/apt/trusted.gpg.d/packages.mozilla.org.gpg] https://packages.mozilla.org/apt mozilla main" | sudo tee -a /etc/apt/sources.list.d/mozilla.list > /dev/null
# Finally, the sources are updated and the Firefox Nightly DEB package is installed for example in German:
apt update && apt install firefox-nightly-l10n-en
#24 Re: Installation » [SOLVED] Testing & Ceres » 2023-09-14 13:52:28
I have been using both testing and ceres branches ...
That was an interesting execution! I am now venturing into Ceres on my second system. Thanks for the tips.
#25 Re: Installation » [SOLVED] Testing & Ceres » 2023-09-14 13:30:43
ceres is sid.
Yes, of course, but I think without systemd
Board footer
