2.3. Debian's approach to security issues

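If you have a general understanding of security in Debian GNU/Linux, you should take note of the different ways Debian handles issues in order to provide an overall secure system: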

  • Debian problems are always handled openly, even security-related ones. Security issues are discussed openly on the debian-security mailing list. Debian Security Advisories (DSAs) are sent to public mailing lists (both internal and external) and are published on the public server. As the Debian Social Contract (http://www.debian.org/social_contract) states: We will not hide problems. We will keep our entire bug report database open for public view at all times. Reports that people file online will promptly become visible to others.

  • Debian follows security issues closely. The security team checks many security-related sources, the most important being http://www.securityfocus.com/cgi-bin/vulns.pl, on the lookout for packages with security issues that might be included in Debian.

  • Security updates are the first priority. When a security problem arises in a Debian package, the security update is prepared as fast as possible and distributed for our stable, testing and unstable releases, including all architectures.

  • Security-related information is centralized on a single site, http://security.debian.org/.

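  • Debian continually works to improve the overall security of the distribution by starting new projects, such as automatic package signature verification mechanisms.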

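  • Debian provides many useful security-related tools for system administration and monitoring. To better enforce local security policies, developers work to integrate these tools tightly with the distribution. These tools include: centralized authentication, auditing tools, hardening tools, firewall tools, intrusion detection tools, and so on.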

  • Package maintainers are aware of security issues. This leads to many “secure by default” service installations which could impose certain restrictions on their normal use. Debian does, however, try to balance security and ease of administration - the programs are not de-activated when you install them (as is the case with, say, the BSD family of operating systems). In any case, prominent security issues (such as setuid programs) are part of the Debian Policy (http://www.debian.org/doc/debian-policy/).

By publishing security information specific to Debian and complementing other information-security documents related to Debian (see Section 1.4, “Prior knowledge”), this document aims to produce better system installations security-wise.