DM = distribution maintainer
secure:
DMs can and do sometimes add:
This interference as you call it is an expression of values.
values:
Packaging policy is based on the values of the distribution:
Purpose of Packaging
Rolling will have more issues constantly introduced. Debian stable has a purpose: It’s stable.
Needs to be contextualized.
Kicksecure, Whonix server running Debian stable / Kicksecure:
12 years at time of writing.
Website known hacked, defaced through server hacking: 0
affected by xz backdoor: no
Rolling distributions: affected by xz backdoor: yes.
Ticket:
Related:
(Wiki spam / forum spam does not count. Not based on hacking.)
again:
Purpose of Packaging
Example… Reproducible builds…
Do you want grub or any other package reproducible?
Take the patch, here's an example for grub:
https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=787795
Here’s a “small” list of patches:
https://udd.debian.org/dev/bugs.cgi?release=any&patch=only&merged=ign&reproducible=1&sortby=id&sorto=asc&format=html#results
(There’s also a larger list of patches for reproducible builds.)
Either,
- A) non-reproducible and no patch, or
- B) reproducible and patched
Choose one.
Want both? Maybe. If the patch gets merged upstream.
Sure. That’s the plan.
But what about when upstream is slow and/or requests changes to the patch?
That’s the case for grub:
GRUB Slow Upstream
Meanwhile the choice is between A and B.
Don’t want any intermediaries? Use Linux From Scratch.
https://www.linuxfromscratch.org/
Too complicated? Use a Linux distribution.
Want both no intermediaries and easy? Unavailable.