vbezhenar 5 days ago
This is such a weird state.

> The Photon images provide many other benefits not previously available to users of Debian images, including:

> Drastically reduced CVE count (e.g., 100+ CVEs to in some cases 0)

How can a Debian image contain 100+ CVEs? It's nonsense. Surely Debian is as secure as most other "commercial" distros. This CVE scanning stuff is clear FUD to promote commercial distros.
indigodaddy 5 days ago
Maybe they're still counting backports as CVEs? (Seems like scanning software still always false positives on a listening port that flags for a version and doesn't take into account backports and doesn't actually test for the CVE/vuln -- it's so exasperating weeding through reports thrown at you by "Security".) But yeah, seems unlikely that official Debian images would be full of CVEs unless they are not being regularly updated.