i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Raspbian security updates

Mon Mar 04, 2019 12:16 pm

Hi. I know Raspbian is cloned from Debian which is known as very stable and secure. I guess that improvements in Debian since the first release of Raspbian are not transferred (to Raspbian). The question is whether Raspbian has regular security updates and can it be used for mail/DNS/web server without risk of hacking? The risk always exists but can it be compared to latest version of Debian?

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 6086
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Raspbian security updates

Mon Mar 04, 2019 12:29 pm

The Raspbian repo (raspbian.raspberrypi.org) pulls in security fixes from Debian as well.

However, archive.raspberrypi.org is managed manually. The version of chromium we currently ship is relatively old, with many known CVEs fixed in later versions. I'm working on getting a newer version packaged up right now. I try to version things such that security fixes from Debian are picked up in favour of our changes, but most of archive.raspberrypi.org packages don't come from Debian and therefore don't get anywhere near the same level of scrutiny.

I try to keep security in mind as much as possible and if anything slips by and is reported, we'll try to address it ASAP. But, we don't have a security team like Debian does to track every single CVE.
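
An added example, not part of any post in this thread: a shell sketch that parses `apt-cache policy` output to show which repository host supplies each installed package, so packages coming from the manually managed archive.raspberrypi.org can be listed and tracked separately. The sample input, its placeholder versions and the `localtool` package are constructed for illustration.

```shell
#!/bin/sh
# Added example: map each installed package to the repository host that
# supplies its installed version, by parsing `apt-cache policy` output.

# Constructed sample in `apt-cache policy` format; versions are placeholders
# and "localtool" is a hypothetical package.
sample_policy() {
cat <<'EOF'
chromium-browser:
  Installed: 0.0-sample1
  Candidate: 0.0-sample1
  Version table:
 *** 0.0-sample1 500
        500 http://archive.raspberrypi.org/debian stretch/main armhf Packages
        100 /var/lib/dpkg/status
postfix:
  Installed: 0.0-sample2
  Candidate: 0.0-sample2
  Version table:
 *** 0.0-sample2 500
        500 http://raspbian.raspberrypi.org/raspbian stretch/main armhf Packages
        100 /var/lib/dpkg/status
localtool:
  Installed: 0.0-sample3
  Candidate: 0.0-sample3
  Version table:
 *** 0.0-sample3 100
        100 /var/lib/dpkg/status
EOF
}

# Reads policy output on stdin, prints "<package> <host>" per installed package.
# "local-only" means no configured repository offers the installed version.
origins() {
    awk '
        function emit() { if (pkg != "" && inst) print pkg, (host != "" ? host : "local-only") }
        /^[^ ].*:$/ { emit(); pkg = substr($0, 1, length($0) - 1); inst = 0; host = ""; cur = 0; next }
        /^ \*\*\* /  { inst = 1; cur = 1; next }   # entry for the installed version
        /^     [^ ]/ { cur = 0; next }             # entry for some other version
        cur && host == "" && $2 ~ /^https?:\/\// { split($2, u, "/"); host = u[3] }
        END { emit() }
    '
}

# Packages whose installed version comes from the manually managed archive.
from_archive() { origins | awk '$2 == "archive.raspberrypi.org" { print $1 }'; }

# On a real system:
#   dpkg-query -W -f='${binary:Package}\n' | xargs apt-cache policy | from_archive
sample_policy | origins
```
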

fruitoftheloom
Posts: 21094
Joined: Tue Mar 25, 2014 12:40 pm
Location: Delightful Dorset

Re: Raspbian security updates

Mon Mar 04, 2019 1:44 pm

i486 wrote:
Mon Mar 04, 2019 12:16 pm
Hi. I know Raspbian is cloned from Debian which is known as very stable and secure. I guess that improvements in Debian since the first release of Raspbian are not transferred (to Raspbian). The question is whether Raspbian has regular security updates and can it be used for mail/DNS/web server without risk of hacking? The risk always exists but can it be compared to latest version of Debian?

Raspbian is a fork not a clone of Debian ARMHF, basically Debian ARMHF ARMv7 is compiled to also support the ARMv6 of the Raspberry Pi 1 and Zero family.......
Retired disgracefully.....
This at present is my daily "computer" https://www.asus.com/us/Chrome-Devices/Chromebit-CS10/

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Raspbian security updates

Mon Mar 04, 2019 3:50 pm

My idea is to use RPi with SSD as backup server for email (Postfix), web (Apache or Nginx) and DNS server. The main server will be normal x64 PC with Debian.

jamesh
Raspberry Pi Engineer & Forum Moderator
Posts: 24191
Joined: Sat Jul 30, 2011 7:41 pm

Re: Raspbian security updates

Mon Mar 04, 2019 3:57 pm

i486 wrote:
Mon Mar 04, 2019 3:50 pm
My idea is to use RPi with SSD as backup server for email (Postfix), web (Apache or Nginx) and DNS server. The main server will be normal x64 PC with Debian.

I would think that would be fine. Not a huge amount of network throughput required, so should be a good fit.
Principal Software Engineer at Raspberry Pi (Trading) Ltd.
Contrary to popular belief, humorous signatures are allowed. Here's an example...
“I think it’s wrong that only one company makes the game Monopoly.” – Steven Wright

i486
Posts: 172
Joined: Sun Aug 28, 2016 3:41 pm
Location: BG

Re: Raspbian security updates

Mon Mar 04, 2019 4:08 pm

About Apache/NGINX/Postfix - are they installed with latest versions?

ShiftPlusOne
Raspberry Pi Engineer & Forum Moderator
Posts: 6086
Joined: Fri Jul 29, 2011 5:36 pm
Location: The unfashionable end of the western spiral arm of the Galaxy

Re: Raspbian security updates

Mon Mar 04, 2019 4:18 pm

i486 wrote:
Mon Mar 04, 2019 4:08 pm
About Apache/NGINX/Postfix - are they installed with latest versions?

Depends on what you mean by latest versions.

The latest 'stable' (in Debian terms) version. Which is what was current when Stretch was frozen and has been updated with security fixes since then.

https://wiki.debian.org/DebianReleases
