LMDE and updates

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

Re: LMDE and updates

Postby killer de bug on Thu Jun 05, 2014 4:20 pm

woodsman wrote:I too am hoping the new Mint LTS policy will improve the attention LMDE receives, although some have posted that is unlikely to happen.


I already explained why this will not happen. I will not start again here. :)
If the team has moved to LTS, it's only to have more time for their projects (Cinnamon, Nemo...) and not to spent more time fixing Cinnamon for Debian Testing.
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Linux Mint is funded by ads and donations.
 

Re: LMDE and updates

Postby woodsman on Thu Jun 05, 2014 6:01 pm

I already explained why this will not happen.

Yes, and many people have shared opinions and desires for the opposite. :)
woodsman
Level 4
Level 4
 
Posts: 205
Joined: Tue May 11, 2010 10:22 pm

Re: LMDE and updates

Postby killer de bug on Fri Jun 06, 2014 2:19 am

woodsman wrote:Yes, and many people have shared opinions and desires for the opposite. :)


Of course. But you do understand that your desire will not change facts, right? :lol:
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby py-thon on Fri Jun 06, 2014 9:12 am

killer de bug wrote:But you do understand that your desire will not change facts, right?

This desire will change facts because in the long run either LMDE's policy will change or LMDE will end up without users.

Next security issue in LMDE: https://lists.debian.org/debian-securit ... 00130.html
So now there are (among others):
gnutls (fixed in Jessie, unfixed in LMDE)
openssl (partly fixed in Jessie, unfixed in LMDE)
python-gnupg (fixed in Jessie, unfixed in LMDE)
and the kernel (unfixed in Jessie and LMDE).

killer de bug wrote:If security is what matter the most for you

Security matters to every user, but lots of users don't realize that.
Current solution seems to be to use LMDE tracking Testing to get most of the security updates within reasonable time.
Tower: LMDE Mate 64bit - Netbook: LMDE Mate 32bit
py-thon
Level 4
Level 4
 
Posts: 234
Joined: Fri Sep 27, 2013 2:24 pm
Location: Paraguay

Re: LMDE and updates

Postby killer de bug on Fri Jun 06, 2014 10:31 am

py-thon wrote:This desire will change facts because in the long run either LMDE's policy will change or LMDE will end up without users.


You're speaking about security updates and I'm not.

woodsman wrote:but the SolydX folks have committed to a quarterly update pack schedule. Would be nice if LMDE could do likewise. :)

killer de bug wrote:I already explained why this will not happen.

woodsman wrote:Yes, and many people have shared opinions and desires for the opposite. :)

killer de bug wrote:Of course. But you do understand that your desire will not change facts, right? :lol:

So for the last time and after that I stop. If the Mint team has gone on LTS for Ubuntu, it is not for increasing the workload in LMDE. What's the point in fixing Cinnamon so that you can push more UP in LMDE (so newer GTK versions more often) if you moved to LTS Ubuntu exactly to avoid this?

There is just no point! It's a non sense! And if you don't understand it, then I cannot help you! That's why LMDE will probably move to Debian stable as soon as it is possible.


So now, stop changing what I say to your convenience. I hate that! I wasn't speaking about security updates. Security updates peoples are requesting is just an other reason for the team to move to Debian Stable. So that you get the fixes without them having to be concern about that.

py-thon wrote:Current solution seems to be to use LMDE tracking Testing to get most of the security updates within reasonable time.

Then why don't you just do it? Maybe because you're using Cinnamon... :wink:
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby py-thon on Fri Jun 06, 2014 11:49 am

killer de bug wrote:That's why LMDE will probably move to Debian stable as soon as it is possible.

A semi-rolling release based on Debian stable? With a single UP every two years maybe? No one needs that.

killer de bug wrote:Then why don't you just do it? Maybe because you're using Cinnamon... :wink:

You got me, I just put Mate in my signature to confuse people.
Tracking Testing would make me wonder why I am still using LMDE instead of Debian Testing as such.
Tower: LMDE Mate 64bit - Netbook: LMDE Mate 32bit
py-thon
Level 4
Level 4
 
Posts: 234
Joined: Fri Sep 27, 2013 2:24 pm
Location: Paraguay

Re: LMDE and updates

Postby killer de bug on Fri Jun 06, 2014 11:58 am

py-thon wrote:A semi-rolling release based on Debian stable? With a single UP every two years maybe? No one needs that.


Stable with backport will provide you new soft and kernel every so and then and you will get daily/weekly security fixes.
Other pro include the fact that it's based on Debian and not Ubuntu, and that you don't have to reinstall.

And for the UP, you will get every 6 months, maybe more often a new Cinnamon version... Cinnamon being the project of the team it's the most important. Of course for Mate, I don't know how it will be handled... :wink:


You know you can stay under LMDE and use testing repo to upgrade the packages you think need to be upgraded. I'm doing this quite often... :wink:

py-thon wrote:Tracking Testing would make me wonder why I am still using LMDE instead of Debian Testing as such.

Maybe after a few months of constant daily updates, you will understand why UP model can be more relaxing...
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby woodsman on Fri Jun 06, 2014 1:21 pm

Of course. But you do understand that your desire will not change facts, right?

Only if you are in charge of the final decision. :)

Nothing changes at all unless people share their desires and opinions.

This desire will change facts because in the long run either LMDE's policy will change or LMDE will end up without users.

Indeed. Users simply leave and find solutions elsewhere. Currently I am looking at the Solyd family. Only two versions, but they commit to a quarterly update schedule.

If security is what matter the most for you

I think the response that users should not use LMDE if security is important is a red herring. Security is always important and Linux often is touted as being a secure operating system. To dismiss the topic with a wave of the hand does not speak well for LMDE or the Mint family,

Granted, there are two distinct conversations in this thread: LMDE Update Packs and obtaining recent security patches.

Regarding security, even the Microsoft folks had patch Tuesday. :)

If the Mint team has gone on LTS for Ubuntu, it is not for increasing the workload in LMDE.

I do not know whether you are part of the development team or are a team decision maker, but if not you should not be speaking on their behalf. I have yet to read any official declaration of such a policy from the project leader. All I have read is the new LTS policy should allow developers more time to devote to other areas, which without any specific disclaimer, could or would include LMDE.

For myself, I am using Mate and am patiently waiting for 1.8 to merge into LMDE. Cinnamon is not an issue for me. As Mate 1.8 is not affected by upstream GTK3 changes, I see no reason why 1.8 should not be merged into LMDE Real Soon Now.

Moving LMDE to Stable would be a strange decision. I have not read anything official like that from team leaders.

I don't think anybody here is asking for anything dramatic, like daily updates or even monthly updates. For Update Packs, quarterly seems like a reasonable target. Security updates should be pushed as soon as possible after becoming available in Testing. Security patches rarely involve usability changes and should be pushed quickly to users.

I believe this conversation has been quite civil. Yes there is disagreement but the conversation has nonetheless remained civil. :)
woodsman
Level 4
Level 4
 
Posts: 205
Joined: Tue May 11, 2010 10:22 pm

Re: LMDE and updates

Postby killer de bug on Fri Jun 06, 2014 2:39 pm

Ok I surrender. I can't spent my precious time to explain again and again facts. :lol:
And yes, I have been around for a few months, so yes, I know a bit of why decisions are made. Not every and not all, of course, but still more than py-thon and you. :wink:
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby killer de bug on Fri Jun 06, 2014 2:44 pm

woodsman wrote:For myself, I am using Mate and am patiently waiting for 1.8 to merge into LMDE. Cinnamon is not an issue for me. As Mate 1.8 is not affected by upstream GTK3 changes, I see no reason why 1.8 should not be merged into LMDE Real Soon Now.


It will. You know, if could have been since a few months in fact. I got it installed on a LMDE system to be honest. It's easy and I just had to pick one lib from testing ;)
MATE 1.8 will be in LMDE with UP9. UP9 will be released after Linux Mint 17 KDE & XFCE are out. So probably mid-july.


Regarding security, LMDE is really secure. Even without daily updates it's way more secure than windows for example. What I meant earlier is that if you want all the small patches, every day for all the small security issues, then LMDE is not for you. And Debian TESTING is not either!
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby woodsman on Fri Jun 06, 2014 3:28 pm

I can't spent my precious time to explain again and again facts.

We agree to disagree as to what actually are the facts. :)

It's easy and I just had to pick one lib from testing

Please share your instructions. :)

Regarding security, LMDE is really secure.

I agree! With respect to the typical daily deluge of security patches that appear in Linux land, I doubt most users are affected by 98% of them. Most of these security patches are related to unique, specific, and contrived use cases and only occasionally apply to all users. That said, there is a feeling by all users that they want all security patches anyway because most users are not skilled or equipped to decide whether these security flaws will affect them. There is peace of mind just to install the patches as soon as available. People use Linux systems because of the many claims about good security.

I use another distro daily and through the years I have observed that security patches don't appear 12 minutes after the announcement. There is always a period of a few days before patches appear, often longer when the security bug is unique or obscure because the threat level is low. Sometimes a patch does not appear at all because the bug affects only certain versions of a package. Yet, there is nonetheless a quiet assurance that patches are always forthcoming. I fully appreciate and understand the need for the developers to pause and take a break after releasing Mint 17, yet the general pulse in this thread with respect to security patches is the patches are not forthcoming.

As I mentioned, security patches seldom or rarely affect usability. These kinds of patches should be automated directly into the Mint update queues, including LMDE. Computers perform automated tasks quite well and I think this is one reason users are a little impatient with respect to security patches.

then LMDE is not for you. And Debian TESTING is not either!

Debian Testing is well known for being stable. Yes, occasional regressions occur but overall, quite stable. And most users confident in their computer skills who decide to use LMDE are sufficiently skilled to address those occasional regressions. The original reason for the Update Packs is simply the exhausting daily effort required to keep pace with Debian Testing. The Mint developers could return to that original plan but then the name of Mint likely would suffer a bit with respect to stability. The developers have chosen stability as a priority. Hence the controlled effort to push Debian Testing updates through Update Packs.

That said, if Update Packs were on a fixed schedule there would always be a knowable target. That is not the case now. LMDE users get the feeling of being a mushroom --- always in the dark. Since all Linux distros are based on a sense of community, this kind of policy does not lend well to a feeling of belonging. LMDE users are left to feel like black sheep.

A fixed and knowable schedule also would lend well to less breakage because the amount of updates would be smaller, more bite size. Updates at only once or twice per year will always be massive and almost assured to cause breakage somewhere.

Of course there are other options. There are other distros based on Debian Testing. Users do not have to stick with LMDE. The developers could drop support for LMDE. The whole point to this thread, I think, is LMDE users do not feel like they belong to any community. If nothing else, simply automating the security patch queue would quash some of the debate. :)
woodsman
Level 4
Level 4
 
Posts: 205
Joined: Tue May 11, 2010 10:22 pm

Re: LMDE and updates

Postby killer de bug on Fri Jun 06, 2014 3:57 pm

woodsman wrote:[
Please share your instructions. :)


A while ago I used Mate official repo. But now, it's in testing so just install the mate-desktop-environment package from testing ;)
http://wiki.mate-desktop.org/download#debian
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby kurotsugi on Fri Jun 06, 2014 5:32 pm

the fact is, there's no official statement from mint's devs and the decision for moving to debian stable haven't been made yet :3
If security is what matter the most for you, I tell you something I already told you, LMDE is not the best distro for you. And Debian Testing is not a good choice either!
I wonder who did tell you this but debian testing got security updates. the fact that LMDE isn't secure doesn't means that debian testing isn't secure neither. that's LMDE's fault since the repo is completely frozen and doesn't allow security updates comes from debian testing.
kurotsugi
Level 5
Level 5
 
Posts: 891
Joined: Fri Jan 25, 2013 3:54 am

Re: LMDE and updates

Postby killer de bug on Sat Jun 07, 2014 6:25 am

kurotsugi wrote:the fact is, there's no official statement from mint's devs and the decision for moving to debian stable haven't been made yet

That's why I did not say it's official. But I used "probably" :roll:


kurotsugi wrote: I wonder who did tell you this but debian testing got security updates.

I just read the manual... Testing has not security team. Update comes from Sid. It can take 2 days or 10 or 2 months...
So obvioulsy if security is the most important for the user, then use either Sid or Stable but not testing... :roll:

kurotsugi wrote::3
:roll:
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby py-thon on Sat Jun 07, 2014 7:32 am

killer de bug wrote:Maybe after a few months of constant daily updates, you will understand why UP model can be more relaxing...

No one is forced to update daily when using Testing. You can update with whatever schedule suits you, for example every other week. This way you get security updates in reasonable time without changing the system too often.

killer de bug wrote: It can take 2 days or 10 or 2 months...

It doesn't matter how long it takes to get from Sid to Testing, when tracking Testing you will get the update ahead of LMDE because LMDE is based on Testing.

killer de bug wrote:Stable with backport will provide you new soft and kernel every so and then and you will get daily/weekly security fixes.
Other pro include the fact that it's based on Debian and not Ubuntu, and that you don't have to reinstall.

LMDE is already based on Debian and not Ubuntu and we don't have to reinstall :wink:

Stable with backport sounds a nice idea with respect to security updates. But on the other hand it will take the same amount of time to support which probably means only two or three UPs per year. Only part of the packages are backported so users will have to get packages from Testing more frequently.

What would be the advantage of LMDE (tracking Debian Stable) over Debian Stable (let's say with some packages from Mint added)? Sounds more like tweaking Debian Stable than like a distribution in its own right.
Tower: LMDE Mate 64bit - Netbook: LMDE Mate 32bit
py-thon
Level 4
Level 4
 
Posts: 234
Joined: Fri Sep 27, 2013 2:24 pm
Location: Paraguay

Re: LMDE and updates

Postby killer de bug on Sat Jun 07, 2014 8:52 am

py-thon wrote:LMDE is already based on Debian and not Ubuntu and we don't have to reinstall :wink:

Seriously :shock:

py-thon wrote:Stable with backport sounds a nice idea with respect to security updates. But on the other hand it will take the same amount of time to support which probably means only two or three UPs per year.

Who is speaking about UP with Debian Stable?

If you follow stable, you get the updates from Debian Stable directly from their repo. The team has no work to do on this part.
And once in a while, they push the new version of their own software (Nemo, Mintupdate, Cinnamon...).

No more UP. See it like Linux Mint 17...
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby killer de bug on Sat Jun 07, 2014 8:59 am

This is for you, py-thon, kurotsugi & woodsman:

clem wrote:I'll give you a hint: Regressions happen all the time. Critical regressions are quite rare. Security updates come all the time, security updates you can't do without are quite rare. So in practice, if you upgrade everything blindly, you'll get fixes, many of which you don't need, and a few new bugs, most of which won't annoy you too much. You will take a risk though, and if you're experienced enough to fix things from tty, switch kernels, downgrade packages.. then that's ok. Because on the rare occasion where an upgrade crashes your Cinnamon DE, or worse.. your boot sequence, you'll know what to do. And in practice, if you just don't upgrade anything ... ever... well, you'll keep your security holes, many of which won't matter to you (I'd like everyone to think of the last few security holes they patched on their system and try to find out what that changed for them... in practical terms), you'll keep some bugs that were fixed, and your system will continue to be "good" whereas it could have been "better"... you don't take the risk to break it though. So there you go... as you can see, you can make the wrong decision to always upgrade everything, or to never upgrade anything... or you can spend some time and do some research on the few package updates we flag as both secure and unsafe for you and rely on levels to get the best of both worlds.


Original post is here: viewtopic.php?f=143&p=871762#p871748
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby KBD47 on Sat Jun 07, 2014 9:55 am

If you guys who are worried about the possibility and any problems regarding the idea of using LMDE with Stable sources you can look on the forum and see that several of us have already done this over the years. I even have a whole thread about it in the LMDE section. What differences did I notice? I got more updates with Stable sources. I got instant security updates directly from Debian. LMDE never broke for me on Stable.
What would be the theoretical advantages to using a Stable LMDE vs. vanilla Debian Stable? As someone who has installed vanilla Debian about a dozen times, lots of time saved, codes don't need to be hunted down. Extra sources for DVD codecs don't need to be added. And it just looks a heck of a lot better, more polished, a nicer OS out of the box than vanilla Debian. Also all the non-free firmware and drivers Mint adds. So yeah, big difference with LMDE Mint vs. vanilla Debian.
KBD47
Level 6
Level 6
 
Posts: 1025
Joined: Fri Jul 29, 2011 12:03 am

Re: LMDE and updates

Postby killer de bug on Sat Jun 07, 2014 11:43 am

I have not been always in favor of LMDE being based on Stable. But since a few months, as soon as I knew Linux Mint would be based on LTS, it has become clear in my head that LMDE would have to become more 'stable' than now...

Cinnamon is the priority in my head. So I would stay if LMDE is based on Debian Stable in the future... :)
If I have seen further it is by standing on the shoulders of giants. [Isaac Newton]
User avatar
killer de bug
Level 7
Level 7
 
Posts: 1694
Joined: Tue Jul 08, 2008 1:49 pm
Location: Austria

Re: LMDE and updates

Postby KBD47 on Sat Jun 07, 2014 12:05 pm

killer de bug wrote:I have not been always in favor of LMDE being based on Stable. But since a few months, as soon as I knew Linux Mint would be based on LTS, it has become clear in my head that LMDE would have to become more 'stable' than now...

Cinnamon is the priority in my head. So I would stay if LMDE is based on Debian Stable in the future... :)


Honestly, most users would not even notice if LMDE was based upon Stable, especially if the main apps were backported. The difference is that they would get more updates with Stable, and would be free of the Update Pack drama. It would look exactly the same, work the same, just be a more Stable release without any likelihood of breakage.
Edit: BTW Debian is now extending long term support even beyond the normal 3 years.
https://www.debian.org/News/2014/20140424
Putting it on par with Ubuntu LTS support of 5 years, if anyone wanted to use the OS for 5 years without a distribution-upgrade.
Debian Stable is aimed at running on servers flawlessly for many years. It almost impossible to beat for stability.
Last edited by KBD47 on Sat Jun 07, 2014 12:16 pm, edited 1 time in total.
KBD47
Level 6
Level 6
 
Posts: 1025
Joined: Fri Jul 29, 2011 12:03 am

Linux Mint is funded by ads and donations.
 
PreviousNext

Return to Newbie Questions

Who is online

Users browsing this forum: No registered users and 6 guests