Linux Mint Forums

[rop75]

Hi,

First, I am sorry for my poor English.

I have just installed LMDE I have tweaked it and I really like the way it looks and works now (I have Ubuntu 12.04 in another partition, and i tried Linux MInt Main Edition but I found there was not point in having Ubuntu and LM main edition in the same laptop as they are very similar and I wanted to try a more challenging distro to learn more about Linux).

However, I have a question about the LMDE's update system. I decided to keep the default source.list (using the latest repos) because I am a bit "clumpsy" and I don't want to break my great looking brand new LMDE. And my question is: How secure is using the latest repos?.

One of the biggest problems concerning Microsoft Windows is that if one critical bug is found on day 15 th may, it won't be fixed until the new Windows Update pack is released (these windows update packages are usually released on the second Tuesday of every month), this Microsoft's update policy compromises the user's system safety for three long weeks. One of the things that make Linux safer than Windows is that when one bug or vulnerability is found, it is quicky fixed and you don't need to wait for three weeks to see your system fixed.

As far as I know (and I might be wrong, that is why I am asking), the LMDE's update system (the system is ONLY updated when the update packs are released every four - six weeks) is quite similar to the Windows' one, and my question is: If today a critical vulnerability concerning the kernel, Gnome or any other part of LMDE is found, and the patch for this vulnerability is released in Debian testing repos tomorrow, when will the LMDE users (using the latest repos) receive that patch?, tomorrow or in four or five weeks when the next update pack is released?. Depending on your answers I will switch to testing repos because I don't mind waiting a few weeks (till the next UP is released) to use the Firefox 13, or Gnome 3,4 because that makes my system more "debbuged"; but I don't want to compromise my system by using a windows-like update system.

Thank you for your answers.

[zerozero]

take a look at this topic http://forum.linuxmint.com/viewtopic.php?f=198&t=98260 and a couple links included in there

[rop75]

Thanks for your quick answer, and thanks for your fantastic LMDE FAQ.

I must say that I also disagree with this statement "We’ve always favored stability over security", I find this is a reckless policy, but that is not a problem as long as LMDE is compatible with Debian repos (I will always favor security over stability and if the system becomes unstable "saint" clonezille will always be there to save me).

[zerozero]

- lmde is 100% compatible with testing repos;
- debian testing is going now (june) into deep-freeze, preparing the new stable release (due around fev. next year), so until then both lmde and testing will be reliable and stable.