On Wed, 2 Sep 2015 21:20:06 +0200, Set Hallstrom wrote: >To be alarmist, isn't it also a way to garantee that no malicious code >is being entered? That the download links for ISO's are not edited to >mirror some zombiepidemic?
Yesno! Ubuntu is known to add spayware! But it's not a secret and the spyware can be removed. Making an independent distro doesn't mean to stay away from the Linux/BSD communities. All the serious issues within the last years were quickly fixed. Who ever fixed such an issue, upstream quickly released fixed versions and Linux distros and BSD flavours upgraded their repos/ports. One of the more popular issues within the last years got it's own corporate design ;), https://en.wikipedia.org/wiki/Heartbleed#/media/File:Heartbleed.svg. Ubuntu downloads by pushing a button are a PITA. Ubuntu provides the right way, https://help.ubuntu.com/community/VerifyIsoHowto. The chain of trust is another issue. I don't call it "web of trust", because the "chain of trust" is beyond it. I explained it on the Ubuntu user mailing list. What a web of trust is, is explained by several sources. In addition do you trust capitalists, e.g. Mark Shuttleworth? Do you trust yourself or are you e.g. neurotic? What is a link? A link is something that might be resolved by an NSA nameserver. The NSA most known is 8.8.8.8 ;). However, if you download your ISO from a NSA server and you can verify it with a trusted key, it's safe. IOW it doesn't matter if the link is a fake or not. To realise a web of trust is possible, there's no need to belong to Ubuntu. I guess a lot of people just download without making a checksum test. A few make a checksum test, but without taking care of the signature. A few verify the signature, but they have no key to trust the key that belongs to the signature. A minority own a key to verify the origin of another keys owner, but then they still need to trust the owner. Do you expect that a target group that needs ubuntustudio-controls application to add/remove users from audio group has the ability to verify an ISO with a trusted key? However, an independent distro could grant the same security as Ubuntu. What an independent distro can't grant is support. Why get Ubuntu and Debian mailing lists spammed with support requests from Mint users? Freakish distros such as Mint don't have such a huge user base. I dislike Ubuntu, but a poll showed that Ubuntu and Arch seems to be the most used distros for Linux audio by those subscribed to LAU/LAD. For sure Planet CCRMA, Suse and Debian are not that seldom used, but already known audio distros for good reasons aren't that popular. I prefer Arch over Ubuntu, but when contributing something to a distro that is suitable for newbies, there's no way around Ubuntu. Btw. there already was a good independent audio distros with a business concept http://www.64studio.com/team but it's not available anymore ;) and btw. if you visit Robins website, http://gareus.org/, you'll notice this link to the LAD archive: http://lists.linuxaudio.org/pipermail/linux-audio-user/2013-February/thread.html#89924. Regards, Ralf -- ubuntu-studio-devel mailing list ubuntu-studio-devel@lists.ubuntu.com Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-studio-devel