[ubuntu-studio-devel] Elementary OS

Ralf Mardorf ralf.mardorf at alice-dsl.net
Wed Sep 2 20:53:01 UTC 2015


On Wed, 2 Sep 2015 21:20:06 +0200, Set Hallstrom wrote:
>To be alarmist, isn't it also a way to guarantee that no malicious code
>is being entered? That the download links for ISOs are not edited to
>mirror some zombiepidemic?

Yesno! Ubuntu is known to add spyware! But it's not a secret and
the spyware can be removed. Making an independent distro doesn't mean
to stay away from the Linux/BSD communities. All the serious issues
within the last years were quickly fixed. Whoever fixed such an issue,
upstream quickly released fixed versions and Linux distros and BSD
flavours upgraded their repos/ports. One of the more popular issues
within the last years got its own corporate design ;),
https://en.wikipedia.org/wiki/Heartbleed#/media/File:Heartbleed.svg.
Ubuntu downloads by pushing a button are a PITA. Ubuntu provides the
right way, https://help.ubuntu.com/community/VerifyIsoHowto. The chain
of trust is another issue. I don't call it "web of trust", because the
"chain of trust" is beyond it. I explained it on the Ubuntu user mailing
list. What a web of trust is, is explained by several sources. In
addition do you trust capitalists, e.g. Mark Shuttleworth? Do you trust
yourself or are you e.g. neurotic? What is a link? A link is something
that might be resolved by an NSA nameserver. The NSA most known is
8.8.8.8 ;). However, if you download your ISO from an NSA server and
you can verify it with a trusted key, it's safe. IOW it doesn't matter
if the link is a fake or not. To realise a web of trust is possible,
there's no need to belong to Ubuntu. I guess a lot of people just
download without making a checksum test. A few make a checksum test, but
without taking care of the signature. A few verify the signature, but
they have no key to trust the key that belongs to the signature. A
minority own a key to verify the origin of another key's owner, but then
they still need to trust the owner.

Do you expect that a target group that needs ubuntustudio-controls
application to add/remove users from audio group has the ability to
verify an ISO with a trusted key?

However, an independent distro could grant the same security as Ubuntu.
What an independent distro can't grant is support. Why get Ubuntu and
Debian mailing lists spammed with support requests from Mint users?
Freakish distros such as Mint don't have such a huge user base.

I dislike Ubuntu, but a poll showed that Ubuntu and Arch seem to be the
most used distros for Linux audio by those subscribed to LAU/LAD. For
sure Planet CCRMA, Suse and Debian are not that seldom used, but
already known audio distros for good reasons aren't that popular.

I prefer Arch over Ubuntu, but when contributing something to a distro
that is suitable for newbies, there's no way around Ubuntu.

Btw. there already was a good independent audio distro with a business
concept http://www.64studio.com/team but it's not available
anymore ;) and btw. if you visit Robin's website, http://gareus.org/,
you'll notice this link to the LAD archive:
http://lists.linuxaudio.org/pipermail/linux-audio-user/2013-February/thread.html#89924.

Regards,
Ralf
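
The verification layers the message above walks through (checksum test only, signature checked with whatever key comes with the download, signature checked with a key that is already trusted), as an added example that is not part of the original post. Textbook RSA over Mersenne primes stands in for GPG here, and the file name, image contents, keys and the two mirrors are all constructed.

```python
import hashlib

E = 65537  # public exponent shared by both constructed keys

def toy_keypair(p: int, q: int):
    """Textbook RSA (modulus, private exponent): a stand-in for a GPG key pair.
    Mersenne primes and no padding: illustration only, not secure."""
    return p * q, pow(E, -1, (p - 1) * (q - 1))

def digest_int(data: bytes) -> int:
    return int.from_bytes(hashlib.sha256(data).digest(), "big")

def sums_for(iso: bytes, name: str) -> bytes:
    """One line in the SHA256SUMS layout: '<hex digest> *<file name>'."""
    return f"{hashlib.sha256(iso).hexdigest()} *{name}\n".encode()

def publish(iso: bytes, name: str, key) -> dict:
    """What a mirror serves: image, SHA256SUMS, signature over SHA256SUMS."""
    n, d = key
    sums = sums_for(iso, name)
    return {"iso": iso, "sums": sums, "sig": pow(digest_int(sums), d, n)}

def checksum_ok(iso: bytes, name: str, sums: bytes) -> bool:
    want = hashlib.sha256(iso).hexdigest()
    for line in sums.decode().splitlines():
        hexd, _, fname = line.partition(" ")
        if fname.lstrip(" *") == name:
            return hexd == want
    return False  # file not listed at all

def verify(mirror: dict, name: str, trusted_n=None) -> bool:
    """Checksum test, plus the signature test when a key is supplied."""
    if not checksum_ok(mirror["iso"], name, mirror["sums"]):
        return False
    if trusted_n is None:  # checksum only: the mirror vouches for itself
        return True
    return pow(mirror["sig"], E, trusted_n) == digest_int(mirror["sums"])

NAME = "distro.iso"                              # constructed file name
DISTRO = toy_keypair(2**521 - 1, 2**607 - 1)     # constructed distro key
OTHER = toy_keypair(2**1279 - 1, 2**2203 - 1)    # constructed unknown key

# Unknown mirror relaying the genuine files unchanged.
relay = publish(b"constructed genuine image", NAME, DISTRO)
# Mirror serving a different image with self-consistent sums and signature.
swapped = publish(b"constructed modified image", NAME, OTHER)

if __name__ == "__main__":
    for label, m in (("relay", relay), ("swapped", swapped)):
        print(label, "checksum only:", verify(m, NAME),
              "| trusted key:", verify(m, NAME, DISTRO[0]))
```

Only the check against the already-trusted modulus separates the two mirrors; the checksum test, and a signature test using the key served alongside the swapped files, both pass.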


