Comment by vbezhenar
6 months ago
This is such a weird state.
> The Photon images provide many other benefits not previously available to users of Debian images, including:
> Drastically reduced CVE count (e.g., 100+ CVEs to in some cases 0)
How can a Debian image contain 100+ CVEs? It's nonsense. Surely Debian is as secure as most other "commercial" distros.
This CVE scanning stuff is clear FUD to promote commercial distros.
Maybe they're still counting backports as CVEs? (Seems like scanning software still always produces false positives on a listening port that it flags for a version, and doesn't take into account backports and doesn't actually test for the CVE/vuln. It's so exasperating weeding through reports thrown at you by "Security".)
But yeah, it seems unlikely that official Debian images would be full of CVEs unless they are not being regularly updated.