Raspbian security updates

[i486]

Hi. I know Raspbian is cloned from Debian which is known as very stable and secure. I guess that improvements in Debian since the first release of Raspbian are not transferred (to Raspbian). The question is whether Raspbian has regular security updates and can it be used for mail/DNS/web server without risk of hacking? The risk always exists but can it be compared to latest version of Debian?

[ShiftPlusOne]

The Raspbian repo (raspbian.raspberrypi.org) pulls in security fixes from Debian as well.

However, archive.raspberrypi.org is managed manually. The version of chromium we currently ship is relatively old, with many known CVEs fixed in later versions. I'm working on getting a newer version packaged up right now. I try to version things such that security fixes from Debian are picked up in favour of our changes, but most of archive.raspberrypi.org packages don't come from Debian and therefore don't get anywhere near the same level of scrutiny.

I try to keep security in mind as much as possible and if anything slips by and is reported, we'll try to address it ASAP. But, we don't have a security team like Debian does to track every single CVE.

[fruitoftheloom]

Hi. I know Raspbian is cloned from Debian which is known as very stable and secure. I guess that improvements in Debian since the first release of Raspbian are not transferred (to Raspbian). The question is whether Raspbian has regular security updates and can it be used for mail/DNS/web server without risk of hacking? The risk always exists but can it be compared to latest version of Debian?

Raspbian is a fork not a clone of Debian ARMHF, basically Debian ARMHF ARMv7 is compiled to also support the ARMv6 of the Raspberry Pi 1 and Zero family.......

[i486]

My idea is to use RPi with SSD as backup server for email (Postfix), web (Apache or Nginx) and DNS server. The main server will be normal x64 PC with Debian.

[jamesh]

My idea is to use RPi with SSD as backup server for email (Postfix), web (Apache or Nginx) and DNS server. The main server will be normal x64 PC with Debian.

I would think that would be fine. Not a huge amount of network throughput required, so should be a good fit.

[i486]

About Apache/NGINX/Postfix - are they installed with latest versions?

[ShiftPlusOne]

About Apache/NGINX/Postfix - are they installed with latest versions?

Depends on what you mean by latest versions.

The latest 'stable' (in Debian terms) version. Which is what was current when Stretch was frozen and has been updated with security fixes since then.

https://wiki.debian.org/DebianReleases