Red Hat’s controversial decision to change how they distribute the source code for Red Hat Enterprise Linux (RHEL) sparked outrage across social media, with many questioning the future viability of downstream rebuilds like Rocky Linux and AlmaLinux. Despite backlash, Red Hat’s embrace of SELinux sets them apart from Debian, which relies on AppArmor with limited default profiles and a reactive security stance. Red Hat’s default SELinux policies provide robust security benefits, especially in container environments, offering multi-category security labels that create a private sandbox. While Debian is praised for stability and software library, its security framework falls short compared to Red Hat’s comprehensive approach.
https://unix.foo/posts/insecurity-of-debian/