Pjotr wrote:Well, you'd have to ask *them* that, wouldn't you?
Actually, I'm interested in your opinion and you do a pretty fair job of answering the question in your follow-up sentence. Thanks.
Pjotr wrote:But my guess is: the default Linux Mint is already pretty secure, even with Mono.
My guess would be more or less the same as yours which is why I find it all the more puzzling that you recommend actually removing Mono.
Pjotr wrote:Note that my practice of removing Mono is simply meant to make the already good security of Mint even better.
Fine. You can do to your own system(s) whatever you want, but as a senior forum member, urging others to remove Mono from their base install is inappropriate at best. There is no risk to justify removing Mono from any Mint user's system. That someone might be "lured" into harming their system by downloading a malware infected .NET executable from some cheesy website and then made to run it under Mono is so improbable that even the Debian, Ubuntu and Mint teams (not to mention others) clearly have no concern with this whatsoever. Plus, although your own assessment of the risk associated with using Mono apparently depends on your mood, you've nevertheless qualified the risk with such alarming statements as "Linux Mint is already pretty secure, even with Mono" and "...the risk is limited".
Secondly, not only is the risk associated with using Mono virtually nonexistent, your urging others to remove Mono from their systems ignores the real risk that someone will end up damaging their system as a result of carrying out your recommendation. Number nine in the list of ten "fatal mistakes" published on your own website is, "Never remove any application that's part of the default installation of Ubuntu or Linux Mint". In that section, you warn visitors that "when you remove a default application, you run a risk of
seriously damaging the system. With some default applications this risk is bigger than with others, and with some there's no risk at all. But it's best to avoid this risk altogether." (emphasis added) So, in general, you don't recommend that users remove applications that get installed as "part of the default installation," due to the risk of "seriously damaging" their own system and yet somehow, this doesn't stop you from recommending to others that Mono be removed from their systems?
Third, if there actually was a significant risk involving the use of Mono itself, the thing for you to do would not be to recommend that Mint users remove Mono from their systems, (totally ignoring your own advice in the process). Considering that any such "risk" should logically threaten
all Mint users and not just those who occasionally visit the forums, the appropriate response would be for you to alert the Mint team of the issue by submitting a bug report. Whether you've done this or not I don't know, but regardless, here you are urging Mint users to remove Mono from their systems, which not only introduces a risk of its own but it also has the side effect of denying them (and other Mint users as well), of their own free choice to benefit from using Mono; either by developing cross-platform Mono applications or just running those Mono applications that exist in the repos -- now, or in the future...
Pjotr wrote:Which for me hardly poses any practical problems, because for me there are good indigenous Linux alternatives around for the Mono / Microsoft .NET applications.
On the contrary, there's nothing non-native about Mono applications. They're compiled on Linux and they run on Linux just like any other "indigenous" software found in the repos.
Plus, what works for you doesn't necessarily work for everyone else and just because there are alternatives to the Mono applications in the repos as far as you're concerned doesn't mean that the same holds true for everyone else. And incidentally, a major reason why you yourself may have had little difficulty finding alternatives to those Mono apps that exist in the repos likely has something to do with the holy war that has been waged over the past five or six years by some in the Linux community in opposition to Mono. Clearly, this war has had an effect on limiting the number of Mono apps in the repos. Therefore, to imply that Mono should be of little use to anyone because alternatives exist for the Mono apps in the repos -- assuming that you could even speak for everyone else to begin with -- is a bit like giving customers in your store just one choice of cigar and then claiming that they don't really want anything else because that cigar is all they ever purchase!
Pjotr wrote:You seem to think that the security of the default Linux Mint installation can't be improved. If so, you're wrong. It's always about usability versus security: what should prevail in which circumstances? People make different choices in such matters. As regards Mono, mine obviously differ from the Mint developers. That's OK with me.
I'm sure that the security of the Mint base can be improved in many different ways but I'm also sure that the Mint team (and others) aren't somehow overlooking a significant security risk involving Mono that leaves the entire Mint community open to a bloody malware attack.
You seem to think that perfect security is achievable in a Linux system. I doubt that it can be if only because you can't exactly prove that a complex system is ever perfectly secure. If you require that your system be 100% secure then shut it down, leave it off and it'll be 100% secure.
Sure, any Linux system can likely be made more secure but I don't believe that a tiny increase in security is worth butchering your OS. If you're so concerned with wanting to improve Mint's security for other users Pjotr, then why are you encouraging them to trade a risk that is so small that even you describe it as "limited", for another one which you feel has the potential for "seriously damaging" their system? I mean, what's the point?
Pjotr wrote:As a final thought (because I don't think this discussion can be fruitful anymore) I'd like to share this programmers' wisdom with you:
"Everything can be cracked, nothing is entirely secure, so strive for as much nothing as reasonably possible".
Yes, that is a good quote. I've always found humor in it. Here's another one that I consider applicable to our discussion: "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -- Ben Franklin
I hope that you don't take any of this too personal but your recommendation that others remove Mono from their systems is way over the line as I see it and it leaves me no choice but to go on record in protest. On a positive note, I happen to agree with you regarding practically everything else I've ever seen you post on these forums. I think overall, you offer great advice to others. I just don't agree with you when it comes to encouraging others to remove Mono from their systems is all.