Linux Kernel 0day

[killer de bug]

One last question, Is this the only config file that contain rules for the update manager? If that's the case, lol we are making noise for nothing.
https://github.com/linuxmint/mintupdate ... date/rules

To the best of my knowledge yes. It is associated with this code: https://github.com/linuxmint/mintupdate ... te.py#L808

[Cosmo.]

when packages moves from one level to another.

They don't. They are affected to a level and will not move.

Are you sure or with another question: Does this note in the change log not apply to LMDE?

[killer de bug]

Are you sure or with another question: Does this note in the change log not apply to LMDE?

I really think that the level is static. I read Clem's note as: if we really need to push an update, we will lower its level before it enters the repo.

I don't think we had cases where an update was level 4 before being downgraded to 3 or 2. On the other hand, I know that in 2014, some ssl updates were pushed to romeo so that we could test them before it was pushed to everyone. I remembered that Monsta and myself tested these updates for a few hours before it was deployed.

[cb474]

cb474 I think the situation is not as bad as it looks, the problem is how the update manager works.

If we look at the code:
https://github.com/linuxmint/mintupdate ... date/rules

Code: Select all

banshee|*|2||
firefox|*|2||
thunderbird|*|2||
*language-pack|*|2||
*flashplugin|*|2||
*wine|*|2||
pidgin|*|2||
*libreoffice|*|2||
chromium-browser|*|2||
transmission|*|2||
shotwell|*|2||
shutter|*|2||
evince|*|2||
gnome-calculator|*|2||
gthumb|*|2||
dbus|*|4||
*xorg|*|4||
acpid|*|4||
mountall|*|4||
mesa|*|4||
systemd|*|4||
plymouth|*|4||
upstart|*|4||
*base-files|*|5||
*linux-|*|5||
linux|*|5||
grub|*|5||
grub2|*|5||
virtualbox|5.0.4-dfsg-2|5||This version is built against the LTS Vivid Xorg/MESA stack. Upgrading it removes virtualbox-guest-x11. Reinstalling the package breaks Xorg.
bcmwl|*|3||
ubuntu-drivers-common|*|3||

It seems like is kind of white list, and whatever is not listed is marked as level 3? I believe what's missing is a better explanation about how updates are being classified and when packages moves from one level to another.

The guide mention about it: http://www.linuxmint.com/documentation/ ... h_17.2.pdf But still I'm looking for a way to know based on what is the classification and hopefully a classification matrix, with that knowledge anybody should be able to judge better what's happening.

Thanks for the explanation of how the levels get determined. The fact that it's a white list that just automatically treats certain packages the same way every time explains a lot about why this sytem doesn't make sense. I thought the "4" and "5" levels were being assigned by people who know something about the individual updates in question, not just being mechanically assigned with no consideration to whether for that paritcular update it made sense. Anyway, for the reasons I've stated above, it does not seem very well thought through.

*

@killer de bug

I'm going to stop responding to your posts, because I don't think we're really communicating. I would only be repeating things I've already said. I also think you do not seem to understand my posts and completely misrepresent them in your replies. And I don't really think the positions you have taken are coherent.

For example, you keep harping on about Dr. Octagon and kevinthefixer's posts, as if I did not see them, even though I explicity responded to Dr. Octagon and thanked him for his input. You don't really seem to pay much attention to what you're respondig to. Kevinthefixer's post that there's no reason to worry about security in Linux, because he claims it's not a target, seemed off topic, blantantly wrong (though a popular misconception), and foolhardy at best, so I'm not sure why I should have responded to it or what it has to do with the discussion of how LMDE labels the relative safety of updates from Debian Stable.

I also understand, as you point out, that the updater is the same software used in regular Mint and LMDE, so they both have levels. I really don't have a problem with the updater having levels. I just think the logic by which those levels have been assigned makes almost no sense. It might apply to regular Mint; I have no opinion about the relative security and stability of Ubuntu packages. But to label a security update to Debian Stable (again for the reasons I state above) as "unsafe" or "dangerous" is just nonsense; it is unnecessary for the proverbial users who "know what they're doing" (to use your words) and it does a grave disservice to "less experienced users" (again to use your words). And it does not make much more sense to label in this way updates to other packages in Debian Stable.

I also find it a bit absurd that you see my thinking as "black and white," since that is exactly what I would say about your thinking. Your thinking lacks nuance and sticks to positions as if they always apply in the same manner every time, regardless of the conext; it blindly embraces the mechanical application of the white list that determines levels in the update, as if the white list applies to all situations equally without requiring any knowledge of the specific updates in question; and it implicitly embraces the idea that stability always trumps security no matter how small the stability issue, no matter how few people it affects, and no matter how grave the security issue or how widely if affects all users. It is also based, as I've said, on a total misunderstanding of Debian Stable.

Anyway, we're going in circles. It just seems like you're going to disagree with whatever I say, even if you have to take inconsistent, contradictory, extravagant, and unreasonable positions. And when I acknowledge points that you and others have made, you either don't notice or ignore my acknowledgements, so that you can just keep disagreeing with everything I say. You also don't explain your positions, you just assert them over and over as if they are self-evident and require no explanation or justification. So I don't see the point of further repeating myself. And I can't imagine that you would be doing anything but the same.