On Mon, Jul 22, 2024 at 5:41 PM Andy Smith <a...@strugglers.net> wrote:
>
> On Mon, Jul 22, 2024 at 01:38:07PM +0500, 타토카 wrote:
> > [...]
> > 4. As I know Debian Sid does not have some packages like Arch, why? They
> > have rolling releases? I mean packages, for example, hyprland.
>
> Debian sid is not a rolling release. Debian does not have a rolling
> release. Additionally, Debian sid isn't a release of any
> description.
>
> You should not be using Debian sid.

I wish Debian had a rolling release. Years between releases means
software will get stale and accumulate bugs that will lead to
vulnerable and exploitable hosts on the network.

A perfect case in point is the "TTY1 layer bug",
<https://thenewstack.io/design-system-can-update-greg-kroah-hartman-linux-security/>.
Folks thought it was benign, and did not patch it or port existing
patches. It was one of those accumulated bugs that would get cleared
at the next major release. Then, years after it was disclosed, someone
figured out it was exploitable.

A rolling release of 6 months would have cleared the bug close to the
time it became known. It would not have festered for years.

Fixing a bug close to when it becomes known is evidence of a [more]
secure system. That's because most compromises happen three or six
months after the bug was disclosed and patches were available. And the
compromises continue for years afterwards. Confer,
<https://www.cs.umd.edu/~waa/pubs/Windows_of_Vulnerability.pdf>.

Jeff