Linux Mint Forums

[nerfman]

Looked around but could not find anything on this topic, except the thread dedicated to users who whine that the repos don't always have the latest and greatest. OK, so my question is similar, but anyway, here goes.

I've been hearing a lot in the news lately about problems with Java. My Mint 14 Mate install is only a few weeks old and is using version "1.7.0_09". There have been several patches since this one and I'm concerned about getting the latest Java on my machine. What is a typical lag time for a Java patch like this to become available via the Update Manager? Is there an issue with just going and getting release 13 via apt-get?

[SiKing]

Since you posted in Newbie Questions, I will assume no prior knowledge.

A perfectly good response to all the "whiners" you mention in your post is: the repos are maintained by volunteers for free in their spare time, usually at the expense of time with their families. If you are not happy with the frequency / speed of updates, why don't you contribute some of your time to keeping the repos up-to-date.

To your other question: I would suspect anything that comes in through apt-get is probably the safest option that you have of installing / updating anything.

[nerfman]

You mis-understood my whiner comment. Quite the contrary, I'm fully aware that this is a volunteer community and thought I was illustrating how unreasonable it is to expect the kind of support one gets from a commercial enterprise with deep pockets. Please don't get the idea that I don't respect the work that goes into creating and supporting these distros. I'm all in with Linux. I have been a full-time Ubuntu user since 2008 and am testing Mint because my machine is older and had some trouble keeping pace after an upgrade to 12.04. So far I am very happy with Mint.

My original question was asked because I am a noob when it comes to Mint and simply wondered about the timeliness of the availability of security-related patches such as the one for recent Java vulnerabilities.

[SiKing]

My wording was/is perhaps bad. I think what I meant was: don't let the whiners give you a false sense of entitlement. Or sumtin' like that.
Mint's parent is Ubuntu - very visible and therefore very much on top security patches. I would even go so far as to suggest they are more reliable in this area that the mighty M$.

[bb333]

Java is a little broad and there are a few versions.

What's included in mint by default (java web plugin) isn't at a huge risk:
https://bugzilla.redhat.com/show_bug.cgi?id=852051#c26

It was stilled fixed:
https://bugzilla.redhat.com/show_bug.cgi?id=852051#c31

[nerfman]

Entering chrome://plugins (in Chrome) gives me a nice list showing the outdated icedtea Java plugin. The link to Download Critical Security Update takes me to the icedtea site where updated versions can be downloaded and built, however, this is where I get out of my comfort zone. I am now outside the Noobville city limits.

Which brings me back to my original question, what is the typical delay between having these patched versions released and getting them into a repo where they can be installed via the package manager? Maybe there is no "typical" delay.