USENIX Magazine research recognizes openSUSE infrastructure security
openSUSE’s superior security has been recognized by a paper in ;login, the USENIX association’s magazine. According to the article, openSUSE is the only community Linux distro that’s on par with enterprise Linux distributions in protecting against recently discovered package management vulnerabilities.
What’s more, the openSUSE and SUSE Linux Enterprise distros not only secure packages and package metadata with cryptographic signatures, but have addressed the more exotic attacks described by the paper as well, with the slow-data fix currently in Factory completing the picture. The upshot of this is that users can deploy updates safely whether they’re obtaining updates from a centralized network or through a decentralized system of community maintained mirrors.
Cross-posted to the SUSE Blog