maemo.org - Talk


jedi 2010-11-04 14:40

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by zimon (Post 863290)
Fedora is more secure due to its RPM...

Please explain how you come to this conclusion :)

zimon 2010-11-04 14:48

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by jedi (Post 863292)
Please explain how you come to this conclusion :)

It is easy. Just use Google to find examples where security policy is potentially compromised.

Having GPG signatures embedded in packages (RPM) is practically better security policy than having them separately (DEB).

pinkfloyd 2010-11-04 14:58

Re: N900 user wants to explore linux on his desktop...
 
Ubuntu sucks...

If u like an easy install with a nice desktop go for SuSE instead
If u like something more customized ArchLinux and Debian are the best distros out there.

jedi 2010-11-04 15:13

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by zimon (Post 863300)
It is easy. Just use Google to find examples where security policy is potentially compromised.

Having GPG signatures embedded in packages (RPM) is practically better security policy than having them separately (DEB).

Well, I looked through the first page of google results and found nothing along the lines of "RPM is more secure than DEB".

I did a bit more googling - searching for stuff like "is rpm more secure than deb" and still didn't find any conclusion like yours.

Whatever - it's more about personal opinions. Personally I use both - mainly debian based systems at home (and of course on my N900), and RPM based for work (Redhat/SuSE) and have never come across any security issues like you're suggesting.

jd4200 2010-11-04 15:36

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by jedi (Post 862985)
That's the daftest reason I've heard for not recommending Ubuntu.

As a UNIX/Linux SysAdmin for far too many years, I'd heartily recommend Ubuntu to newcomers and veterans alike.

But of course, that's just my opinion :)

If the OP is looking to truly understand how Linux works, and the ins and outs of it, then Ubuntu is not the way to go (my opinion).

It focuses too much on Ubuntu-specific GUI tools for configuring the system, and doesn't adhere to the GNU free-software philosophy; give a person Ubuntu for a year to use, then sit them in front of pretty much any other distro that focuses more on the terminal, and they'd be stuck.

It's great as an alternative to Mac and Windows, but it's one of those distros that's drifted far away from what Linux is.

zimon 2010-11-04 15:36

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by jedi (Post 863325)
Well, I looked through the first page of google results and found nothing along the lines of "RPM is more secure than DEB".

Many DEB-based distro users install packages without in any way checking their integrity or authenticity. There is always a possibility for a MITM attack when users behave this way.

For example, this Maemo is dangerously weak security-wise. Even the famous Faster Application Manager doesn't care if the package is failing the authenticity check. And if you do the above Google search by adding "site:.maemo.org" in it, you will find specific examples of possible security compromise.

jedi 2010-11-04 15:48

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by zimon (Post 863356)
Many DEB-based distro users install packages without in any way checking their integrity or authenticity. There is always a possibility for a MITM attack when users behave this way.

For example, this Maemo is dangerously weak security-wise. Even the famous Faster Application Manager doesn't care if the package is failing the authenticity check. And if you do the above Google search by adding "site:.maemo.org" in it, you will find specific examples of possible security compromise.

All I find that's anywhere near relevant is your previous posts on this same subject!

Out of interest, how many times have you personally experienced this type of attack?

Whatever - you're entitled to your opinions. Thanks for the input, but for now I'm going to continue using .debs. And I've got my tin foil hat on so I'm sure I'm safe ;)

pinkfloyd 2010-11-04 15:55

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by zimon (Post 863356)
Many DEB-based distro users install packages without in any way checking their integrity or authenticity.

You are too wrong about this, do a little research and don't speak of things that you obviously don't know.

geneven 2010-11-04 15:56

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by pinkfloyd (Post 863311)
Ubuntu sucks...

If u like an easy install with a nice desktop go for SuSE instead
If u like something more customized ArchLinux and Debian are the best distros out there.

I've got an overwhelming answer to the first statement, just as logical as yours:

Ubuntu doesn't suck.

BTW: SuSE was my first distro. I think I started with 3.0 or something like that. I used it for a few years.

zimon 2010-11-04 16:05

Re: N900 user wants to explore linux on his desktop...
 
Quote:

Originally Posted by pinkfloyd (Post 863375)
You are too wrong about this, do a little research and don't speak of things that you obviously don't know.

I use both Ubuntu and Fedora daily.

It is a fact, that many install DEB packages just by downloading them with wget/ftp/usb-stick and then installing with dpkg -i.

It is a fact, that most DEB packages do not have GPG signature embedded, like most RPM packages do.

It is a fact that rpm always checks the GPG signature when a package is installed, even without yum or other higher level package managers.

It is a fact that when installing with dpkg -i, on most systems no authenticity check is done, because the GPG signature is not embedded in the DEB package.

Therefore I repeat my claim: Fedora's package security policy in practice is more secure than the one in DEB-based distros. In theory, if people would do the right thing always, it wouldn't matter, but this is not the case with people, as the above Google search will show.

It is simply better security policy to have GPG signatures embedded (RPM) in software packages, than having them separate (DEB), in practice.

[edit]
And one more thing. RPM-system uses transactions when modifying the system state (installing/removing/upgrading packages), DEB-system does not.
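
For reference, the "separate signature" model argued about in this thread is a hash chain: a GPG-signed Release file lists the hash of the Packages index, which in turn lists the hash of each .deb. The sketch below is an added example, not part of any post; it reproduces that chain check for a file fetched by hand, using constructed sample data and assuming the Release file's GPG signature has already been verified separately.

```python
import hashlib

def sha256(data):
    return hashlib.sha256(data).hexdigest()

def parse_stanzas(text):
    """Split a Packages index into one dict per blank-line-separated stanza."""
    stanzas = []
    for block in text.strip().split("\n\n"):
        fields = {}
        for line in block.splitlines():
            if line[:1] in (" ", "\t"):      # continuation line (e.g. Description)
                continue
            key, _, value = line.partition(":")
            fields[key.strip()] = value.strip()
        stanzas.append(fields)
    return stanzas

def release_hashes(release_text):
    """Return {path: (sha256, size)} from the SHA256 section of a Release file."""
    hashes, in_section = {}, False
    for line in release_text.splitlines():
        if line.startswith("SHA256:"):
            in_section = True
        elif in_section and line.startswith(" "):
            digest, size, path = line.split()
            hashes[path] = (digest, int(size))
        else:
            in_section = False
    return hashes

def verify_deb(deb, filename, packages, packages_path, release_text):
    """Check Release -> Packages -> .deb; Release is assumed already GPG-verified."""
    if release_hashes(release_text).get(packages_path) != (sha256(packages), len(packages)):
        return "Packages index does not match Release"
    for st in parse_stanzas(packages.decode()):
        if st.get("Filename", "").endswith("/" + filename):
            if int(st["Size"]) != len(deb) or st["SHA256"] != sha256(deb):
                return "package does not match Packages index"
            return "ok"
    return "package not listed in Packages index"

# Constructed sample data (not a real package or repository)
DEB = b"!<arch>\nconstructed sample package payload\n"
PACKAGES = ("Package: hello\nVersion: 1.0-1\n"
            "Filename: pool/main/h/hello/hello_1.0-1_all.deb\n"
            f"Size: {len(DEB)}\nSHA256: {sha256(DEB)}\n").encode()
RELEASE = f"Suite: stable\nSHA256:\n {sha256(PACKAGES)} {len(PACKAGES)} main/binary-all/Packages\n"
```

A file that passes returns "ok"; any change to the .deb or to the Packages index breaks the chain at the corresponding step.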

