Moving from Windows. How do I know I can trust a particular Linux Distribution?

Hi,

I no longer want to use Microsoft Windows OS for anything if possible.
I have moved to using Ubuntu 16.04LTS as my main OS already.

I also run the following Linux Distributions:
Fedora - For Server and a look at latest new Linux features.
CentOS - for “Enterprise Software”.

I also tried a distribution called RoboLinux - just to look at the desktop GUI features.

The RoboLinux version I have gave the user the option to donate a small amount of money to receive automated scripts and receive email support.

I have no problem with that. I understand that developers need to live/eat, not many people can work for free.

I paid/donated and I downloaded and ran the scripts. I also received prompt email support. I have no complaints.

Looking at the scripts, they allow people with little/no Linux knowledge to get up and running with the latest versions of additional software quickly, and install a Virtual Machine to run Windows within RoboLinux. I did find them useful.

Some of the RoboLinux scripts did not work completely for me.
The issue was that my ISP was blocking connection to a particular IP address used for the script downloads and software updates.

Please note I make no accusations against RoboLinux.
I have no complaints about them.
I was able to use most of the scripts, but, because my ISP was blocking the download address used in some of the scripts, I stopped there.

Trying to get a technical response from my ISP provider proved pointless. They simply do not answer why they block.

I started to ask the general question, how do Users know that a particular Linux Distribution is safe, and has not been compromised in some way?

Is there some security oversight team for Linux Distributions?

Thanks.

I remember a few years ago there was a big thing that got ATT and Comcast in trouble: they were blocking connections to certain mirrors of Linux packages. I don’t really remember why, but they were. There was like one bullshit thing on the news after it got big enough, “Is Linux Safe?”. Eventually something happened that ATT and Comcast just undid the block and it all kinda disappeared afterwards.

Where are you located? States? Europe? Elsewhere?

they uh, don’t

they just tend to like screaming about how untrustworthy everything else is, regardless of what grasp of practical security they actually have.

Well, I think Linux distros usually do package signing and provide them via https mirrors. You can also harden the Linux kernel and other parts of the OS to be more secure. I don’t think you can be 100% sure about anything being secure tho.

1 Like
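Added example (not part of any post in this thread, and not any distribution's own tooling): the signing mentioned above is what lets a user check a download independently of the mirror it came from. The sketch below assumes the distribution publishes a `SHA256SUMS` manifest with a detached GPG signature, as Ubuntu does for its images; the function names, the file `example.iso` and its contents are constructed for illustration.

```shell
#!/usr/bin/env bash
# Manifest lines look like "<sha256 hex>  <name>" or "<sha256 hex> *<name>".
# Assumption: image file names contain no spaces.

# Step 1: the detached signature must cover the manifest. This is only
# meaningful if the distro's signing key is already imported and its
# fingerprint was checked through a separate channel.
verify_manifest_sig() {   # usage: verify_manifest_sig SHA256SUMS.gpg SHA256SUMS
    gpg --verify "$1" "$2"
}

# Step 2: compare the image's digest with the manifest entry for its name.
# Returns 0 on match, 1 on mismatch, 2 when the manifest has no such entry.
verify_image() {          # usage: verify_image SHA256SUMS image.iso
    local manifest="$1" image="$2" name expected actual
    name=$(basename -- "$image")
    expected=$(awk -v n="$name" '
        { f = $2; sub(/^\*/, "", f)            # drop the binary-mode marker
          if (f == n) { print tolower($1); exit } }' "$manifest")
    [ -n "$expected" ] || return 2
    actual=$(sha256sum -- "$image" | awk '{ print $1 }')
    [ "$actual" = "$expected" ]
}

# Constructed demo: a stand-in "image" and a manifest generated for it.
demo_dir=$(mktemp -d)
printf 'constructed image bytes\n' > "$demo_dir/example.iso"
( cd "$demo_dir" && sha256sum example.iso > SHA256SUMS )
verify_image "$demo_dir/SHA256SUMS" "$demo_dir/example.iso" \
    && echo "example.iso: OK"
# Simulate corruption or tampering in transit.
printf 'extra bytes\n' >> "$demo_dir/example.iso"
verify_image "$demo_dir/SHA256SUMS" "$demo_dir/example.iso" \
    || echo "example.iso: MISMATCH, do not install"
rm -rf "$demo_dir"
```

A matching digest only proves the image is the one the manifest describes; the trust comes from step 1, the signature over the manifest.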

The Mint, Ubuntu and Gentoo communities all faced some sort of compromise in the past, and all dealt with it.

1 Like

Distributions sponsored by corporations that market and support commercial Linux have very good reason to do very good security vetting. Examples are Fedora/Red Hat, Suse/OpenSuse, and Canonical/Ubuntu.

Ditto non-corporate distros supported by large communities. E.g., Debian and Arch.

Note, though, that distributions often maintain more than one repository. One or more of those repositories will include thousands of packages that are vetted by the distro to a different standard than the finite number of “core” packages, if at all. Resolution of security issues with those packages depends on the current developers, if any, and/or the community. In my experience, active popular packages are generally dealt with efficiently. It’s just that the distro is unlikely to expend resources doing that on its own.

The nature of open source and its community can’t ensure perfect, instant, visibility of every security bug and threat, but it is pretty hard to hide.

1 Like

Hi, OK, thank you for that information. I am going to go back and look at my RoboLinux installation again. I am not sure if you have looked at the RoboLinux Website (https://www.robolinux.org/). I was focusing on their Desktop GUI and the scripts to set up Windows inside a virtual machine. I did not look at it or install it, but they also have a secure VPN which uses Tor. That may be something to do with my ISP refusing to connect. I will try to discuss with them again. Thanks.

1 Like

Thanks, I have stuck with Ubuntu and Fedora Server and CentOS. I think they should be fine.