STOP INSTALLING DEBIAN

Rainb0wSkeppy@lemmy.world · 7 个月前

STOP INSTALLING DEBIAN

germanatlas@lemmy.blahaj.zone · 7 个月前

no real-world use found for staying more than one version behind

The ssh vulnerability didn’t affect Debian because the packages were too many versions behind

azvasKvklenko@sh.itjust.works · 7 个月前

AFAIK, the xz vulnerability was designed for Debian based on its workaround fixing systemd service status detection. Even if it shipped to something like Arch, the malicious code wouldn’t load.

cygnus@lemmy.ca · 7 个月前

Security through Geriatricity

bisby@lemmy.world · 7 个月前

Except this isn’t true at all.

https://security-tracker.debian.org/tracker/CVE-2024-6387

Regresshion impacted bookworm and trixie both. Buster was too old.

With the downside of me doing an apt update and seeing that openssh-server was on 1:9.2p1-2+deb12u3 and I had no idea at a glance if this included the fix or not (qualys’s page states version 8.5p1-9.8p1 were vulnerable).

If you are running debian bookworm or trixie, you absolutely should update your openssh-server package.

acockworkorange@mander.xyz · 7 个月前

Isn’t this meme format completely written in sarcasm?

renzev@lemmy.world · 6 个月前

We’re on a meme page. There is little difference between sarcasm and being serious here. It doesn’t matter whether OP is being fully sarcastic or fully serious, people in the comments may hold the same opinion seriously, sarcastically, or with a mixture of both. The format is irrelevant

alienghic@slrpnk.net · 3 个月前

The xz/ssh back door made it into Debian testing, So I felt I should wipe and reinstall.

Debian has had a rolling release for ages.

Delilah (She/Her)@lemmy.blahaj.zone · 7 个月前

well at least they aren’t trying to make me install snaps, and patching apt so if I sudo apt install firefox it installs the snap version.

noisypine@infosec.pub · 7 个月前

This should be a jailable crime.

Delilah (She/Her)@lemmy.blahaj.zone · edit-2 7 个月前

especially as the hack flows downriver to distros with actual dignity like mint. Like this is pollution of the water supply dog!

marduk@lemmy.sdf.org · 7 个月前

The “install lib-blah-blah-blah” bit doesn’t bother me 'cause whenever I need to make something work, I just copy and paste the “sudo apt install …” commands straight from the internet :)

steersman2484@sh.itjust.works · 7 个月前

I also never used version pinning in debian

LeroyJenkins@lemmy.world · 7 个月前

Don’t

Erupt

Before

I

Am

Nevada

MNByChoice@midwest.social · edit-2 7 个月前

This is great! No better way to demonstrate how perfect Debian is! Debian for the win!

Tundra@lemmy.ml · 7 个月前

Pyro@lemmy.world · 7 个月前

Debianties

AlexisFR@jlai.lu · 7 个月前

Truly the dumbest meme template of the year.

stepan@lemmy.cafe · 7 个月前

I like it

Norgur@fedia.io · 7 个月前

I don’t. So… uhm… you’re wrong I guess.

abbotsbury@lemmy.world · 7 个月前

This is a pretty old template iirc

rc__buggy@sh.itjust.works · 7 个月前

It’s so old it’s still shipping in bookworm

crispy_kilt@feddit.de · 7 个月前

Btw I use Debian

hemko@lemmy.dbzer0.com · 7 个月前

I use Debian btw

lemmyvore@feddit.nl · 7 个月前

I would uninstall the screensaver so fast if I saw a nag screen. Wtf it’s a screensaver, what does it matter? I’ll use a version that’s 50 years old if I want to.

bisby@lemmy.world · 7 个月前

Because the dev gets a huge number of bug reports for bugs that were resolved 5 versions ago.

They actually asked debian to stop shipping the screensaver, because they were getting tired of saying “this is already fixed, debian is just not going to ship the fix for another year”. Debian didn’t want to stop, so the dev added the nag screen, because it was the only way to stop the flood of bug reports for things that were already fixed.

u/lukmly013 💾 (lemmy.sdf.org)@lemmy.sdf.org · edit-2 7 个月前

Do people not check what version of software they have and what’s newest (and if the issue exists is a good idea too) before reporting a bug?

bisby@lemmy.world · 7 个月前

Should they? Yes. They should also be searching for previous bug reports. I’m sure a lot of people do. But if you have enough users, even if 1% of people don’t use good reporting behaviors, you wind up with a lot of duplicate or bad reports.

There are plenty of blog posts out there that basically can be summarized as talking about how grueling open source work can be because users are often aggressive in their demands.

But this is a prime example of debian “stable” doesn’t mean “no crashes” but instead it means “unchanging, which means any bugs and crashes will remain for the whole release”

Malfeasant@lemmy.world · 7 个月前

Lololololololol. No, they do not. I support a product that gets updated roughly quarterly, and the number of times people complain about their vulnerability scanner finding something when they’re on a 4 year old version is too damn high.

OsrsNeedsF2P@lemmy.ml · 7 个月前

Lots of people simply don’t know.

Source: I filed bug reports to Fcitx when I first installed Debian, because I didn’t realize Debian shipped packages from the before the stone ages

GravitySpoiled@lemmy.ml · edit-2 7 个月前

Rainb0wSkeppy@lemmy.world · 7 个月前

Sonotsugipaa@lemmy.dbzer0.com · 7 个月前

sem@lemmy.blahaj.zone · 7 个月前

Goodbye

mexicancartel@lemmy.dbzer0.com · 7 个月前

Engywuck@lemm.ee · 7 个月前

I know this is just a meme, but the “Stop using xxx!” posts are really annoying.

unexposedhazard@discuss.tchncs.de · 7 个月前

Whaaat, i love them. They are so unpredictable. Sometimes they are fully serious opinions, sometimes only half serious and sometimes just fully ironic shitposts.

SpaceNoodle@lemmy.world · 7 个月前

I think the comments calling them annoying are more annoying

RachelRodent@lemmy.dbzer0.com · 7 个月前

I think it is a funny format

Magister Sieran@discuss.tchncs.de · 7 个月前

3debian5me

Possibly linux@lemmy.zip · 7 个月前

Oh, Debian!

1000002612

NathanClayton@lemmy.world · 7 个月前

KDE? Who needs anything other than FVWM2 or CDE?

OsrsNeedsF2P@lemmy.ml · 7 个月前

As someone who loves the old designs (I’ve run Chicago95 for years now), the only thing stopping me from running CDE is it lacks first-class support from any distro I’ve used