Java security update availability

All Gurus once were Newbies
Forum rules
There are no such things as "stupid" questions. However if you think your question is a bit stupid, then this is the right place for you to post it. Please stick to easy to-the-point questions that you feel people can answer fast. For long and complicated questions prefer the other forums within the support section.
Before you post please read this

Java security update availability

Postby nerfman on Fri Feb 08, 2013 3:13 pm

Looked around but could not find anything on this topic, except the thread dedicated to users who whine that the repos don't always have the latest and greatest. OK, so my question is similar, but anyway, here goes.

I've been hearing a lot in the news lately about problems with Java. My Mint 14 Mate install is only a few weeks old and is using version "1.7.0_09". There have been several patches since this one and I'm concerned about getting the latest Java on my machine. What is a typical lag time for a Java patch like this to become available via the Update Manager? Is there an issue with just going and getting release 13 via apt-get?
nerfman
Level 1
Level 1
 
Posts: 3
Joined: Fri Feb 08, 2013 2:45 pm

Linux Mint is funded by ads and donations.
 

Re: Java security update availability

Postby SiKing on Fri Feb 08, 2013 4:15 pm

Since you posted in Newbie Questions, I will assume no prior knowledge.

A perfectly good response to all the "whiners" you mention in your post is: the repos are maintained by volunteers for free in their spare time, usually at the expense of time with their families. If you are not happy with the frequency / speed of updates, why don't you contribute some of your time to keeping the repos up-to-date.

To your other question: I would suspect anything that comes in through apt-get is probably the safest option that you have of installing / updating anything.
SiKing
Level 5
Level 5
 
Posts: 576
Joined: Mon Sep 29, 2008 10:57 pm
Location: Las Vegas

Re: Java security update availability

Postby nerfman on Fri Feb 08, 2013 6:06 pm

You mis-understood my whiner comment. Quite the contrary, I'm fully aware that this is a volunteer community and thought I was illustrating how unreasonable it is to expect the kind of support one gets from a commercial enterprise with deep pockets. Please don't get the idea that I don't respect the work that goes into creating and supporting these distros. I'm all in with Linux. I have been a full-time Ubuntu user since 2008 and am testing Mint because my machine is older and had some trouble keeping pace after an upgrade to 12.04. So far I am very happy with Mint.

My original question was asked because I am a noob when it comes to Mint and simply wondered about the timeliness of the availability of security-related patches such as the one for recent Java vulnerabilities.
nerfman
Level 1
Level 1
 
Posts: 3
Joined: Fri Feb 08, 2013 2:45 pm

Re: Java security update availability

Postby SiKing on Fri Feb 08, 2013 7:28 pm

My wording was/is perhaps bad. :oops: I think what I meant was: don't let the whiners give you a false sense of entitlement. Or sumtin' like that.
Mint's parent is Ubuntu - very visible and therefore very much on top security patches. I would even go so far as to suggest they are more reliable in this area that the mighty M$.
SiKing
Level 5
Level 5
 
Posts: 576
Joined: Mon Sep 29, 2008 10:57 pm
Location: Las Vegas

Re: Java security update availability

Postby bb333 on Sun Feb 10, 2013 1:25 am

Java is a little broad and there are a few versions.

What's included in mint by default (java web plugin) isn't at a huge risk:
https://bugzilla.redhat.com/show_bug.cgi?id=852051#c26

It was stilled fixed:
https://bugzilla.redhat.com/show_bug.cgi?id=852051#c31
bb333
Level 2
Level 2
 
Posts: 60
Joined: Wed Jan 23, 2013 3:50 pm

Re: Java security update availability

Postby nerfman on Sun Feb 10, 2013 12:12 pm

Entering chrome://plugins (in Chrome) gives me a nice list showing the outdated icedtea Java plugin. The link to Download Critical Security Update takes me to the icedtea site where updated versions can be downloaded and built, however, this is where I get out of my comfort zone. I am now outside the Noobville city limits.

Which brings me back to my original question, what is the typical delay between having these patched versions released and getting them into a repo where they can be installed via the package manager? Maybe there is no "typical" delay.
nerfman
Level 1
Level 1
 
Posts: 3
Joined: Fri Feb 08, 2013 2:45 pm


Return to Newbie Questions

Who is online

Users browsing this forum: Bing [Bot], gratua and 32 guests