Some have pointed out that Debian sid isn't quick with kernel updates, but there are some other options than running vanilla sid kernel. The siduction team (esp. 'towo') keeps their kernel pretty close to upstream, and I use that.
I really wish Mint would get off the Ubuntu train and just follow Debian sid with rolling release model.
Well, at least LMDE is based on Debian testing instead of Ubuntu.
Originally Posted by DanL
Anyway, here's Clem's reply to the "controversy": http://segfault.linuxmint.com/2013/1...you-configure/
There is no password for root (it doesn't mean you can log without password, it means you cannot log directly as root, with ssh for example).
Originally Posted by TAXI
For administrative tasks, users must be in the sudoers file, and use sudo, with their own password.
If you are admin (ie sudoer), you can su to root, but with your own password.
You still won't get updates for Firefox or other packages provided by the Mint repos because they are pinned with a higher priority than Ubuntu packages. Mint's policy is to prioritize features and stability over security - for example in Mint 12 they shipped a vulnerable Java version for which there had been remote exploits in the public but they did not see the need to take action on this. See https://bugs.launchpad.net/linuxmint/+bug/890278
Originally Posted by Stebs
Ubuntu uses sudo (I thought it stood for superuser do, but see now that it just is substitute user do) together with no root account
Originally Posted by TAXI
(well of coerce there is one as it's still Linux but I don't have a password and can't be used). Everything that requires root permissions
have to go through sudo which, this is very good because if you have multiple users with root/sudo rights you will see which one who
actually did al those creepy stuff.
By default the first account is allowed to use sudo and uses it by providing its own password.
So no you are not root by default and you are required to enter your own password, the logs will say that your account is responsible.
Other accounts are not sudoers by default.
I think we might have a whole new controversy here.
What the fuck is this about then?
Originally Posted by Clem
Here's the full context of dee's thread:
Answering controversy: Stability vs Security is something you configure
by clem 33
18 Nov 2013 | General
I hear a Canonical dev was more opinionated than knowledgeable and the press blew what he said out of proportion. I wouldn’t mind too much, if we weren’t finding ourselves answering questions from panicked users rather than working on what matters right now (i.e. Mint 16 RC).
So I’ll be brief.
About package updates:
We explained in 2007 what the shortcomings were with the way Ubuntu recommends their users to blindly apply all available updates. We explained the problems associated with regressions and we implemented a solution we’re very happy with.
Anybody running Mint can launch Update Manager -> Edit -> Preferences and enable level 4 and 5 updates, thus making their Linux Mint as “Secure” and “Unstable” as Ubuntu.
Screenshot from 2013-11-18 14:31:53
About Firefox updates:
Linux Mint uses the same Firefox package as Ubuntu from the same repository. Firefox is a level 2 update so every Mint user receives it by default.
LMDE, which is not based on Ubuntu, uses its own Firefox package. We’ve been slow in updating it by the past in LMDE (and that’s probably what confused the Canonical developer) but we took action and automated that. Firefox 25 was released on the 29th of October and updated in LMDE on the 30th.
I personally talked to the legal dept. at Canonical (for other reasons, they’re telling us we need a license to use their binary packages) and it is clear they are confused about LMDE and Mint. They don’t know what repositories we’re using and they don’t know what we’re doing. We’re 2 years younger than them and they have no idea how many users we have (they use http://stats.wikimedia.org/archive/s...ingSystems.htm but don’t realize our user agent is “Ubuntu” since the days of Firefox 4 – Mint 9 if I remember correctly).
I don’t really mind what people at Canonical understand or do not understand about us. I understand why the press and media sell controversy. I just really don’t want to waste time with this.
From the feedback we’re getting so far, people love Mint 16 RC and we’ve got a superb release in our hands. It’s also full of bugs (https://github.com/linuxmint/Roadmap) and what we really want to do right now is not answer questions about how some guy who never ran Mint thinks it’s unsecure but get back to the code and fix as much as we can for Mint 16 to outperform Mint 15.
If you were unaware of this controversy and you’re sad to see negativity, I’d like to apologize. I had to cut this short and make a public statement because the easiest way for us to focus on what matters and ignore this controversy is by linking people to this statement and not waste time answering people one by one, on the forums, on the IRC, and all over the Web.
If Canonical demands "licenses" for Mint to use Ubuntu packages
That will be a GPL violation for any package distributed under the GPL. It will also cause a lot of people to stop contributing to Ubuntu, and force distros based on Ubuntu to dump them for Debian versions. If Ubuntu is REALLY going to act like Apple and try to stop derivative distros, there will be no choice but to throw them out of the open source community. Software you can be harassed by lawyers for redistributing is by definition NOT free and open source software. This could be a real test of the GPL in court if Ubuntu is really trying to go that way.
Originally Posted by dee.
I am finished with Ubuntu if this story is confirmed, but will have to use a mishmash of PPAs targetting Ubuntu over Debian to mantain my system. Will be a dificult migration, starting with adding Debian Unstable to sources.list, setting APT to prefer Debian to Ubuntu, and then allowing updates over time to sweep out Ubuntu packages until I can migrate the startup system to whatever Debian transitions to (probably systemd if Upstart gets caught in this mess).
This is very serious if it is true and not FUD or someone's overreaction.
Hard to believe, isn't it?
That an uninformed/under-informed ubuntu developer could cause this much angst...
The "auto update manager" fight of ubuntu v mint is spreading all over net...
One thing that I see going against the pro-Canonical side of this debate is their recent dumbing-down of
update process in 13.10.....
I like the idea of having the individual choice to decide what is best for me. I do not wish to have a automatic "ubuntu patch-Tuesday" like M$ now has ....or is it "crash-Tuesday?"
To me, linux has and will be a matter of personal choice, not the amount of fan-boy press one can create.
An operating system is only as secure as it's operator.