Canonical Developer Criticizes Linux Mint's Security


  • Pajn
    replied
    Originally posted by dee.
    All updates require root permissions (unlike in Ubuntu)
    Ubuntu requires super user permissions to install updates. Ubuntu doesn't have a root account by default.



  • mrugiero
    replied
    Originally posted by Goddard
    Saying DistroWatch is a bad source is just like when my teachers would say Wikipedia is a bad source. It always felt like a discrediting statement especially when I would write papers sourcing the material, but say it came from an encyclopedia. In other words it may not be as good as getting a piece of software on every single Linux system reporting which distro they are using, but it is as good as it gets.
    Do you visit DistroWatch and click on your distro periodically? Because I don't know of a single individual that does. That's why it is not representative. DistroWatch is useful to read about distros. Usually, you already know what's in there for your distribution, and you'd only enter to compare a few if you want to switch. So, it neither binds one user to one distro (and the common case is that one user uses only one distro) nor to the distro he or she uses.

    Originally posted by prodigy_
    Yes, it's a pure coincidence that the most popular distros are on top of the list.
    Yes, it is. Well, not a complete coincidence, as what it measures is curiosity about such distributions, but yeah, it has nothing to do with the number of users.



    On the Mint issue, with information I've found on this thread I changed my mind. I thought this was a serious problem in general, because it sounds like they don't dispatch the updates, not like they are optional. If the user knows what he/she's doing, Mint is as secure as their upstream, Ubuntu, is. It is not so moron friendly as Ubuntu, though, having the user think about the updates.



  • erendorn
    replied
    Originally posted by FLHerne
    Because it allows random people to anonymously perform far more actions than they can if not logged in, and there only needs to be one badly-thought-out interaction between two permitted actions to give them full access.
    Well, "people that have physical access" != "random people", and if your OS has obvious permission escalation breaches, I'm not sure you can trust it anyway.

    Also, there only needs to be one security breach in your browser to allow remote code execution, so by that reasoning, any system with a browser is a compromised system.



  • bulletxt
    replied
    I don't give a fuck about any of the bullshit that I'm reading. The only thing I know is that my server in production with Ubuntu 12.04 got fucked up from this Linux kernel exploit once a hacker got into a shitty Joomla installation: http://blog.zx2c4.com/749



  • dee.
    replied
    Mint doesn't "disable" updates per se, they simply categorize updates in 5 levels, from 1 to 5. Each update is given a level from 1-5. Updates that are levels 1-3 are shown by default, and suggested to be installed (the checkbox comes pre-checked). Updates that are ranked at levels 4-5 are not shown by default, and when shown are not suggested to be installed (checkbox comes unchecked).

    All of this behaviour is user-configurable, if you want ALL THE UPDATES (all of them) then all you have to do is go to the update settings and set all update levels to be updated by default.

    This is to say, no updates get installed automatically in Mint. All updates require root permissions (unlike in Ubuntu) to be installed (but you only have to enter the password once per session, which is a much more intelligent way of doing it than the Ubuntu way of not requiring a password at all). So the only difference between the levels is, which updates the installer suggests that you should install, that's all.

    The reason for dividing updates to levels is that some updates have been known to cause instability in the system, so in Mint it is thought to leave it up to the discretion of the user whether to accept those updates and when. There aren't often any urgent security updates in the level 4-5 updates, almost all of them seem to be marked as "low urgency" when they come from Canonical, and relatively few of them contain actual security updates.



  • malligt
    replied
    Here is the response from Mint

    Hi Clem, can you look at this article http://www.phoronix.com/scan.php?pag...tem&px=MTUxNzY ? How serious is a Mint security problem from your point of view? Thanks for reply

    Edit by Clem: We're very happy with the filtering system (which you can configure if you're not satisfied with the default settings). We explained why the Ubuntu update policy was not good enough for us and we consequently developed the update manager to solve that particular problem. That all happened in Linux Mint 3.1… in 2007. Do we need to explain it again in 2013, in the middle of an RC because somebody at Canonical doesn't understand it? No, filtering doesn't work the way that dev thinks. No, Firefox doesn't come to you later in Mint than it does in Ubuntu (it's a level 2 update). Yes, by default you get updates in Ubuntu for kernels and Xorg and not in Mint. Yes, there's a very good reason for that.



  • dh04000
    replied
    It's annoying once I mess up my posts, the edit limit takes away my ability to fix them.. :/



  • dh04000
    replied
    Originally posted by dh04000
    Lol, a couple of devs for one open source project complain about another set of devs of another open source project on a mailing list that about 5 people will see. PR, you keep saying that word, but I don't think it means what you think it means. Just a bunch of whiners whining about another bunch of whiners, while a bunch of whiners whine about it on the biggest whiner forum known to man.

    Originally posted by NothingMuchHereToSay
    I'm looking through this thread and obviously there's waaaaaay too many Linux diehards in here. Are you people trying to justify your delusions by saying that Wikipedia has a long lasting bug that makes Canonical's Ubuntu more popular than your favorite distro? From the eyes of an outsider that joined Linux because of Ubuntu back in 2008, I have to wonder how you people are completely missing the point when it comes to marketing.

    Sadly, they are for real. Warped and twisted their minds have become. Everything they see is a plot or a conspiracy, or evidence to support their own bloated and diseased world view. Really, there is no news here, just FOSS dev complaining.



  • dh04000
    replied
    Originally posted by prodigy_
    That's Canonical developers for you - only good at "developing" cheap PR. And their boss is their mentor.
    Lol, a couple of devs for one open source project complain about another set of devs of another open source project on a mailing list that about 5 people will see. PR, you keep saying that word, but I don't think it means what you think it means. Just a bunch of whiners whining about another bunch of whiners, while a bunch of whiners whine about it on the biggest whiner forum known to man.



  • NothingMuchHereToSay
    replied
    Are you people for real?

    I'm looking through this thread and obviously there's waaaaaay too many Linux diehards in here. Are you people trying to justify your delusions by saying that Wikipedia has a long lasting bug that makes Canonical's Ubuntu more popular than your favorite distro? From the eyes of an outsider that joined Linux because of Ubuntu back in 2008, I have to wonder how you people are completely missing the point when it comes to marketing.
