-----BEGIN PGP SIGNED MESSAGE----- Hash: SHA1 I can't speak to those packages specifically but I think the answer you'll get from most people, especially in this community, is that non-free software is inherently insecure because you can't know exactly what it is doing. Thus, a fully free system such as Debian with only main enabled or Trisquel or so is, in principle, more trustworthy than any system running non-free code.
That said, free code can of course have bugs and security holes too. It's probably less likely, with a community of thousands auditing it versus a closed group of developers, but it happens. On 09/12/2013 02:41 PM, adrelanos wrote: > How secure is a Debian installation packages installed only from > main, none from contrib or non-free? > > It will lack for example the firmware-linux-nonfree package and > the intel-microcode / amd-microcode package. At least the microcode > one is security relevant? Are there any other packages which might > be important to have installed for security reasons? > > I mean, how secure is it in comparison with those packages > installed vs not having them installed? > > -----BEGIN PGP SIGNATURE----- Version: GnuPG v1.4.14 (GNU/Linux) Comment: Using GnuPG with Thunderbird - http://www.enigmail.net/ iQEcBAEBAgAGBQJSMjmyAAoJEGe6xJ1FYRpRWkUH/iy9/Kyu8SP/ymdAFcWw1eMj G1+0Jbt8L3iu3wRrvwmcofY+OVx4bAvPZWy4F6Q02UO42SYGHV9r09Rni1ESLxML d2ktMOzdMILjqrAJwC0K9SP1crCBZs/dUIr6xW6ZxlYI8FDJiFS0O75GSTTrQH3S G44jtXNkkfjVHayXpRx06xcGy2C2eAHA+BT5EMcmli8nh6/XhTp+qJE9hVzmDk2t uu0FOPWF4ksW0hGIogKizc/Ltk1Zm28/kXSHwIst7jolMjlE4EKDcH0iyZXoSh6r 6vjPsecjoxGNlS5PTXQ8uA/j42rhBZnSl3+InbHnJ3Qf1m0AFCDzJcgv71VWh58= =Z1G3 -----END PGP SIGNATURE----- -- To UNSUBSCRIBE, email to debian-security-requ...@lists.debian.org with a subject of "unsubscribe". Trouble? Contact listmas...@lists.debian.org Archive: http://lists.debian.org/523239b3.7090...@gmail.com