
Ask HN: Linux distribution with security support for Raspberry Pi? - zurn
It seems Debian security updates don&#x27;t get ported over to Raspbian in a timely fashion. What options are there?
======
akoster
I have not looked deep into this, but you might try Arch Linux ARM [1], which
might have newer versions of packages (if it is anything like its x86
variant). It used to be offered on the official Rpi distro page [2] but I
think it has since been removed, though I am unsure if that indicates that
less effort is going into maintaining it. Regardless, I too would be very
interested in scrutinizing these Raspbian security patches to see how quickly
they are built and distributed compared with their release date, and if an
alternative build of Raspbian that focuses on this was to be released, I would
be very interested.

[1] [https://archlinuxarm.org/platforms/armv6/raspberry-
pi](https://archlinuxarm.org/platforms/armv6/raspberry-pi)

[2]
[https://www.raspberrypi.org/downloads/](https://www.raspberrypi.org/downloads/)

~~~
juliangoldsmith
+1 for Arch Linux ARM. Even if packages aren't available for something, you
should be able to easily build it using makepkg.

I would not recommend running Arch (x86_64 or ARM) if you are a new Linux
user, though. Batteries not included, some assembly required.

------
petre
Void Linux, Arch Linux Arm. There is no Void image for RPi3 but the RPi2 image
works fine, even the WiFi.

------
hd4
This really isn't meant to come across as flippant but if you're running
something serious or important enough on your Rpi that makes you that
concerned about security, maybe you shouldn't be running it on an Rpi.

~~~
fulafel
Often, you care about security not because of the app running on the rpi, but
the environmental risk: Having your home network become a malware distribution
node and/or your backups on a connected NAS server compromised, say.

(Actually the replaceable/disposable nature of the rpi often makes it a more
robust platform than the alternatives as long as you can tolerate short
outages)

------
washadjeffmad
What I use:
[https://en.opensuse.org/Portal:ARM](https://en.opensuse.org/Portal:ARM) /
[https://www.suse.com/products/arm/](https://www.suse.com/products/arm/)

What exactly do you need? SELinux, AppArmor, generic base package security
updates?

~~~
zurn
Just a Linux distribution that gets security updates to the userland and
kernel. Raspbian's latest security updates are from many months ago, their
kernel doesn't ship with a changelog that would show what has been fixed, and
and Debian doesn't support the RPi's.

Thanks for the recomendation, Ubuntu and OpenSuse seem most promising so far.

------
atmosx
If you have a fleet you might want to check out NixOS and Hydra. There is
someone building nix pkgs for ARM/RPi not sure what is the current status...
Just keep in mind that the learning curve is steep for NixOS, but the entire
thing can be automated.

Broadly speaking if you want security you need to compile and distribute your
own packages.

------
fulafel
Ubuntu 16.04 claims to officially support RPi 2+. See eg
[https://www.ubuntu.com/usn/usn-3169-3/](https://www.ubuntu.com/usn/usn-3169-3/)
for a recent security patch to the RPI kernel package.

