
It's easily the most secure Linux distro. It has SELinux enabled by default (and it actually works!) and compiles binaries using most of the available hardening features, unlike basically any other mainstream distro.

They have an excellent testing/QA process, especially given the speed at which they're developing - this results in a very high quality.




If you call secure an OS which can crash processes without giving meaningful errors.

I have lost hours debugging mysterious crashes because of SELinux, and it is really not safe to have components unexpectedly crashing when they are part of your core infra.

Plus I guess that, like every security framework, it runs with privilege, it has a lot of lines of code, is hard to audit, and thus increases the surface of vulnerability.

Hint: they use, for instance, strcmp a lot: http://stackoverflow.com/questions/24353504/whats-wrong-with...

Their code mixes if(){} with the if() else (without braces).

They are sometimes using enums, sometimes #define, sometimes magic values to refer to constant values.

You should really read the source code.

Definitely above the average of C code in the wild, still having well-known code smells.

I would like to see if PVS-Studio could confirm my intuition.

https://git.kernel.org/cgit/linux/kernel/git/torvalds/linux....


Wow. You literally think SELinux is bad because it uses strcmp and enums? Maybe you should read a book about C sometime before you make a fool of yourself on the internets.



