• @[email protected]
    link
    fedilink
    11 year ago

    What you’re paying extra for are timely security updates for community-maintained packages that aren’t an official part of the OS. Debian doesn’t provide that for free either. Debian doesnt provide it at all since they don’t have any paid options.

    • @interceder270
      link
      11 year ago

      So users just run insecure packages on Debian?

      • @[email protected]
        link
        fedilink
        1
        edit-2
        1 year ago

        No. All the official packages in the main repo get security updates from the Debian security team.

        Only the packages in contrib, non-free and non-free-firmware don’t have official security updates and rely on the package maintainers. These are not considered part of the Debian distro, and I don’t even have them enabled on my servers.

        Out-of-the-box, Debian only enables the main repo, plus the non-free-firmware one if any of your devices require it (e.g. Nvidia graphics, Realtek Bluetooth, etc). You have to manually enable contrib and non-free, and by doing that, it’s assumed you know what you’re doing.

        In the case of non-free and non-free-firmware, they can be closed source software (like the Nvidia drivers) or have a non-open-source license that doesn’t allow distributing modified versions. In those cases, the Debian team is unable to patch them even if they wanted to.