Page 1 of 1

Raspbian security updates

Posted: Mon Mar 04, 2019 12:16 pm
by i486
Hi. I know Raspbian is cloned from Debian which is known as very stable and secure. I guess that improvements in Debian since the first release of Raspbian are not transferred (to Raspbian). The question is whether Raspbian has regular security updates and can it be used for mail/DNS/web server without risk of hacking? The risk always exists but can it be compared to latest version of Debian?

Re: Raspbian security updates

Posted: Mon Mar 04, 2019 12:29 pm
by ShiftPlusOne
The Raspbian repo (raspbian.raspberrypi.org) pulls in security fixes from Debian as well.

However, archive.raspberrypi.org is managed manually. The version of chromium we currently ship is relatively old, with many known CVEs fixed in later versions. I'm working on getting a newer version packaged up right now. I try to version things such that security fixes from Debian are picked up in favour of our changes, but most of archive.raspberrypi.org packages don't come from Debian and therefore don't get anywhere near the same level of scrutiny.

I try to keep security in mind as much as possible and if anything slips by and is reported, we'll try to address it ASAP. But, we don't have a security team like Debian does to track every single CVE.

Re: Raspbian security updates

Posted: Mon Mar 04, 2019 1:44 pm
by fruitoftheloom
i486 wrote:
Mon Mar 04, 2019 12:16 pm
Hi. I know Raspbian is cloned from Debian which is known as very stable and secure. I guess that improvements in Debian since the first release of Raspbian are not transferred (to Raspbian). The question is whether Raspbian has regular security updates and can it be used for mail/DNS/web server without risk of hacking? The risk always exists but can it be compared to latest version of Debian?

Raspbian is a fork not a clone of Debian ARMHF, basically Debian ARMHF ARMv7 is compiled to also support the ARMv6 of the Raspberry Pi 1 and Zero family.......

Re: Raspbian security updates

Posted: Mon Mar 04, 2019 3:50 pm
by i486
My idea is to use RPi with SSD as backup server for email (Postfix), web (Apache or Nginx) and DNS server. The main server will be normal x64 PC with Debian.

Re: Raspbian security updates

Posted: Mon Mar 04, 2019 3:57 pm
by jamesh
i486 wrote:
Mon Mar 04, 2019 3:50 pm
My idea is to use RPi with SSD as backup server for email (Postfix), web (Apache or Nginx) and DNS server. The main server will be normal x64 PC with Debian.
I would think that would be fine. Not a huge amount of network throughput required, so should be a good fit.

Re: Raspbian security updates

Posted: Mon Mar 04, 2019 4:08 pm
by i486
About Apache/NGINX/Postfix - are they installed with latest versions?

Re: Raspbian security updates

Posted: Mon Mar 04, 2019 4:18 pm
by ShiftPlusOne
i486 wrote:
Mon Mar 04, 2019 4:08 pm
About Apache/NGINX/Postfix - are they installed with latest versions?
Depends on what you mean by latest versions.

The latest 'stable' (in Debian terms) version. Which is what was current when Stretch was frozen and has been updated with security fixes since then.

https://wiki.debian.org/DebianReleases