Suggestion for Linux Distro (from PSA: Linux vulnerability)

Peter J. Holzer hjp-python at hjp.at
Thu Mar 31 12:53:08 EDT 2022


On 2022-03-31 09:46:14 +0200, Cecil Westerhof via Python-list wrote:
> "Peter J. Holzer" <hjp-python at hjp.at> writes:
> > Standard policy (there are exceptions) on most distros is to stay with
> > the same version of any package for the entire lifetime. So for example,
> > Ubuntu 20.04 was released with Apache 2.4.41 and Python 3.8.10 and
> > Debian 11 was released with Apache 2.4.53 and Python 3.9.2 and they are
> > still on these versions. Any security fixes and other critical bug fixes
> > were back-ported to these versions.
> 
> Are you sure? In the past this was not the case, but it is possible
> that this has changed. (I do not really follow other distributions. I
> am quite happy with Debian.)

This has always been the case with Debian (they even created a special
repo for packages where this wasn't feasible, like browsers (which
typically update every few weeks and are too large for the security team
to backport security fixes).

In my experience it's also the case for Ubuntu (see the version numbers
I posted).

It also was the case for Redhat, but they seem to have switched to a
rolling updates model some time ago. I'm not sure how they handle that
now.

        hp

-- 
   _  | Peter J. Holzer    | Story must make more sense than reality.
|_|_) |                    |
| |   | hjp at hjp.at         |    -- Charles Stross, "Creative writing
__/   | http://www.hjp.at/ |       challenge!"
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <https://mail.python.org/pipermail/python-list/attachments/20220331/0db46816/attachment.sig>


More information about the Python-list mailing list