Re: [Gnumed-devel] Re: hherb.com reborn

[Karsten Hilbert]

> >  b) Just building a Debian package does not make software secure
> >     by default.
It does not *make* it more secure. But it increases its
chances for being *monitored* for issues - especially when in
Stable.

> You'll hopefully excuse any ignorance, I (maybe) misinterpreted from 
> a prior email that packaging within debian would bring with it some 
> orderliness that enhances/assists security i.e. that advantages to a 
> debian package include *some* security benefits (even if only 
> indirect), maybe that is wrong
No, I think you are spot on.

One advantage would be that updating a package (possibly to gain
improved security) is a well-polished process with Debian.

> Does this also mean that a medical practice, using real patient data 
> to provide real care, should always stick with "stable" --- or 
> perhaps --- that if the practice moves up to "testing", they need 
> some confidence that security issues for the kernel, and for any 
> packages *used by that practice*, will be closely and actively 
> watched/managed, by people *other than* the debian security team?
You are right. There's several dimensions to that: For one
thing this is a business opportunity, eg. providing "quality
monitored" Debian packages to the medical community.

I would use stable for all machines exposed to outside threats
- or even Debian based distros tailored for providing secure
outside access.

"Inside" servers/workstations may opt for selectively running
some testing packages for increased functionality.

Karsten
-- 
GPG key ID E4071346 @ wwwkeys.pgp.net
E167 67FD A291 2BEA 73BD  4537 78B9 A9F9 E407 1346