Kicksecure / security-misc

Kernel Hardening; Protect Linux User Accounts against Brute Force Attacks; Improve Entropy Collection; Strong Linux User Account Separation; Enhances Misc Security Settings - https://www.kicksecure.com/wiki/Security-misc

Why Kicksecure uses frozen release cycle distribution Debian instead of Fedora or Arch Linux. #106

Closed evil-user closed 2 years ago

evil-user commented 2 years ago

Frozen release cycle distributions often don’t update package versions and fall behind on security updates.

For frozen distributions, package maintainers are expected to backport patches to fix vulnerabilities (Debian is one such example) rather than bump the software to the “next version” released by the upstream developer. Some security fixes do not receive a CVE (particularly less popular software) at all and therefore do not make it into the distribution with this patching model. As a result, minor security fixes are sometimes held back until the next major release.

Debian is the worst in handling security. I wish Kicksecure was based on Fedora or Arch Linux.

adrelanos commented 2 years ago

Because:

evil-user commented 2 years ago

@adrelanos I am wondering why AlmaLinux or Rocky Linux were not mentioned in https://www.whonix.org/wiki/Dev/Operating_System#Criteria_for_Choosing_a_Base_Distribution. I guess they both use rpm/(dnf in AlmaLinux 9.0); both are highly secure and have a large user base, even from enterprise. They could have been a better alternative compared to Debian. Debian is full of politics and their popularity is diminishing day by day. The number of Debian derivatives doesn't mean lots of public scrutiny; most of them are just fun projects, not serious enough for enterprise.