Releases and other announcements.
Please don't post support questions here
Forum rules
Section reserved for the team. You can reply to announcements here but not post new topics. Do not add support questions to threads here, use the appropriate support forum instead.
ZenBeam wrote:In this thread on Qiana Mate RC, which has since been locked, several of us were wondering how to deal with the Level 5 Security Updates. The Update Manager says Level 5 updates are dangerous packages that can effect stability, but on the other hand, they are Security updates. I don't know whether I should apply these or avoid these.
I agree. A dangerous security update is an oxymoron.
Besides, Mint should not be offering us anything that is dangerous in the first place. What does this mean...it hasn't been properly tested?
Needs fixing.
These level 5 updates are indeed tested but since there are literally an uncountable number of different hardware setups that Linux Mint can be installed on, hardware that can range from new to approximately 10 years old, there's no telling what can happen to some machines so these level 5 update remain unchecked. However, these updates are what you call "point" releases to for the same kernel. (i.e. 3.13.0, .1, .2, .3, etc. Sometimes even 3.13.0-14, 3.14.0-16, etc, etc).
Does not need fixing.
As these updates are tested security updates as well as bug fixes for the kernel as well as for Xorg (for driver problems and such for example), I recommend that users, no matter what their experience may be, install them. However, the choice is yours and there's really no problem whatsoever sticking with levels 1, 2 and 3 only no matter what anyone else may say. Since it's inception, Linux Mint has yet to be compromised either way.
Please see my next comment on this thread for the explanation as to why these level 5 updates are now being shown in MintUpdate in LM 17 LTS.
Last edited by kmb42vt on Fri Jun 06, 2014 11:46 am, edited 1 time in total.
"Humph. Choice, it is the quintessential Linux delusion, simultaneously the source of it's greatest strength, and it's greatest weakness." (All apologies to The Architect)
If anyone really wants to know why this change in the Update Manager (MintUpdate) happened for Linux Mint 17 LTS please read the following "Segfault" post including the associated comment thread:
The links to what happened, who said what and why it was blown (ludicrously) all out of proportion are in the comment thread itself so as I said, if you really want to understand why level 5 updates are now shown but are unchecked in MintUpdate in LM 17, read the whole post and the entire comment thread (there's only 38 comments and the first 10 or so are the most relevant).
"Humph. Choice, it is the quintessential Linux delusion, simultaneously the source of it's greatest strength, and it's greatest weakness." (All apologies to The Architect)
One person's choice is another persons abdication. My point is that a non-expert (and I consider myself a pretty expert linux user and I don't bloody understand it) user isn't going to know what choice to make. It is a dilema and is frustrating. I think it is unreasonable to call an update "security update" and then warn the user against installing it even to the extent of pre-deselecting it. I don't think it is good for the update team to delegate responsibility to the naive end-user to decide whether a security update should be installed or not.
mintybits wrote:One person's choice is another persons abdication. My point is that a non-expert (and I consider myself a pretty expert linux user and I don't bloody understand it) user isn't going to know what choice to make. It is a dilema and is frustrating. I think it is unreasonable to call an update "security update" and then warn the user against installing it even to the extent of pre-deselecting it. I don't think it is good for the update team to delegate responsibility to the naive end-user to decide whether a security update should be installed or not.
Needs fixing. (IMHO)
Well, true enough. But, if you read my next comment I made and the Clem's post that I linked to (right above your response), you'll understand better why this was done. Heh, you'll probably also understand that this was a "Damned if you do, damned if you don't" situation. It was the very reason that the Mint devs did not enable these level 4 and 5 updates in the first place but somebody (an Ubuntu dev) who didn't know anything about Linux mint whatsoever made a very short personal comment alluding to the "lack of security in Linux Mint" and the media got wind of it and blew it all out of proportion--as usual. Hence, level 5 updates are still not enabled but are now shown but not checked.
You can't win for losing.
"Humph. Choice, it is the quintessential Linux delusion, simultaneously the source of it's greatest strength, and it's greatest weakness." (All apologies to The Architect)
It may be a semantic problem. If you tell the user there is a security update they will go into alarm mode. They will not want to be without a security update. Everyone wants maximum security for their computer these days.
What if Mint used different language for kernel updates that the Mint team do not judge important enough to merrit a default inclusion? Don't use the term "security update". Or call them "pending Mint validation" or something. So we can feel we are being looked after.
And I also want to know what happens next. After some time do these deselected kernel updates become a higher, selected level? I mean, after sufficient testing or time has passed? How does this work? The kernel people don't make these changes just for the sake of it...especially ones they call secuirty changes...so at what point do they become "safe"?
hexdef101 wrote:Not to argue with distrowatch (or you for that matter). Looking over the specific distro's listed as including Wine, I notice one package missing from their package list (also supplied). Not one of them include Wine in the package listing. So unless one of the users of solydxk specifically says its included in the standard release (not an alternate version, mind), I will have to doubt the veracity of distrowatch's listing.
I just did a live run of SolydX BE 201405 64-bit, Play On Linux was there by default, which is just another GUI front-end for Wine, so I am pretty sure the 'home' editions which are based on Debian testing will have it too. I don't even know why we are having this conversation, anybody can find most distro package 'manifesto' lists with a little digging, I don't mind helping people and answering questions but not the blatantly lazy.
kmb42vt wrote:
These level 5 updates are indeed tested but since there are literally an uncountable number of different hardware setups that Linux Mint can be installed on, hardware that can range from new to approximately 10 years old, there's no telling what can happen to some machines so these level 5 update remain unchecked. However, these updates are what you call "point" releases to for the same kernel. (i.e. 3.13.0, .1, .2, .3, etc. Sometimes even 3.13.0-14, 3.14.0-16, etc, etc).
The Mintupdater will only apply point releases under the same kernel revision 3.13.0-24-1, 2 etc... It will not apply a different numbered revision i.e. 3.13.0-27 or 3.13.0-27
ZenBeam wrote:In this thread on Qiana Mate RC, which has since been locked, several of us were wondering how to deal with the Level 5 Security Updates. The Update Manager says Level 5 updates are dangerous packages that can effect stability, but on the other hand, they are Security updates. I don't know whether I should apply these or avoid these.
I agree. A dangerous security update is an oxymoron.
Besides, Mint should not be offering us anything that is dangerous in the first place. What does this mean...it hasn't been properly tested?
Needs fixing.
These level 5 updates are indeed tested but since there are literally an uncountable number of different hardware setups that Linux Mint can be installed on, hardware that can range from new to approximately 10 years old, there's no telling what can happen to some machines so these level 5 update remain unchecked. However, these updates are what you call "point" releases to for the same kernel. (i.e. 3.13.0, .1, .2, .3, etc. Sometimes even 3.13.0-14, 3.14.0-16, etc, etc).
Does not need fixing.
As these updates are tested security updates as well as bug fixes for the kernel as well as for Xorg (for driver problems and such for example), I recommend that users, no matter what their experience may be, install them. However, the choice is yours and there's really no problem whatsoever sticking with levels 1, 2 and 3 only no matter what anyone else may say. Since it's inception, Linux Mint has yet to be compromised either way.
Please see my next comment on this thread for the explanation as to why these level 5 updates are now being shown in MintUpdate in LM 17 LTS.
Installing the latest Linux kernel with the Mint update manager worked AFTER a second reboot of the system. First there was mild panicking after staring at the Mint logo for a couple minutes, followed by a hard reset and boot into safe mode. After logging in without a gui and then restarting the system, everything seems normal for now...
I can see why these kernel updates are level 5. It worked without having to reconfigure anything for my system but they aren't for people who don't know how to troubleshoot.
when a new edition of mint with different GE (KDE/Xfce) comes out, do they also include all the updates that were available to download for previous GE editions (MATE/Cinnamon)? Or does one need to download them after installation?
Some distros don't offer upgrades at all, and some distros offer you to upgrade everything blindly.
We identified the following facts:
- When an update is important, we should make sure you're aware of the risk associated with not applying it.
- When an update can go wrong and break your system, we should make sure you're aware of the risk associated with applying it.
Now, as much as some of you would like for the World to be all black and white, well ... it isn't. We're not going to hold your hand and recommend something that only you can decide. Can we afford to pretend all security updates are safe like Ubuntu does and end up with novice users unable to reboot? No, certainly not. Can we afford to bypass anything potentially risky at the cost of not recommending security updates? Well... there's politics involved here, and we've been attacked by our competitors in the past on exactly just that. So no, we can't do that either.
The cold reality here is that some packages are so important within your system, that if a regression is introduced in their update, and if you're not experienced enough to troubleshoot it and re-downgrade you might be in a situation you can't solve. And sometimes, some of these risky updates will also address security updates.
So I'm sorry. I know what you want... a big red sign that says DONT TAKE THAT ONE, or a nice green label that says JUST DO IT. It isn't like that though. If you know anything about security and development you'll understand that it's all about information. Read the changelogs, see what the updates fix, browse the forums for signs of regressions, and make the decision yourself.
If you don't have time to go through updates and assess what they fix and what risks you're taking when applying them, then either apply nothing or everything, but don't blame the tool for putting the decision in your hands.
Sorry if that sounds a bit rude. We've the best policy out there on security vs stability, we don't send users in the wall with a comfortable "click here to dist-upgrade" upgrade tool so it's very frustrating when the rationale is ignored like that and we get flak for not making it trivial for you to break your box.
I'll give you a hint: Regressions happen all the time. Critical regressions are quite rare. Security updates come all the time, security updates you can't do without are quite rare. So in practice, if you upgrade everything blindly, you'll get fixes, many of which you don't need, and a few new bugs, most of which won't annoy you too much. You will take a risk though, and if you're experienced enough to fix things from tty, switch kernels, downgrade packages.. then that's ok. Because on the rare occasion where an upgrade crashes your Cinnamon DE, or worse.. your boot sequence, you'll know what to do. And in practice, if you just don't upgrade anything ... ever... well, you'll keep your security holes, many of which won't matter to you (I'd like everyone to think of the last few security holes they patched on their system and try to find out what that changed for them... in practical terms), you'll keep some bugs that were fixed, and your system will continue to be "good" whereas it could have been "better"... you don't take the risk to break it though. So there you go... as you can see, you can make the wrong decision to always upgrade everything, or to never upgrade anything... or you can spend some time and do some research on the few package updates we flag as both secure and unsafe for you and rely on levels to get the best of both worlds.
I've read people call themselves "security experts" and indulge in "generalities". I've seen people hired as "developers" denying the concept of "regressions". This is very much a question of trust and information. If you trust us, take my word for it when I tell you this: YOU need to decide what is more important between security and stability, and sometimes you need to make that decision on a case by case basis. Next time somebody tells you to ALWAYS or NEVER do something, understand that this person isn't qualified enough to give you advice.
We're doing our best to make a tool which gives you as much information as possible. You're not a target, security is important in theory but you need to weight its cost. As for development, a good developer sometimes breaks a few things when fixing other things, and often breaks a lot of things when writing new things. A bad developer breaks things just as much, but is unaware of the fact that he does, might, or will. Ubuntu's policy is to expose you to constantly run the latest updates, to take the fixes, and if breaks happen, to send you more updates to fix these as well. It works, but there's a risk. We think it's great for IT hobbyist, but we don't think it's great for Joe user. Our policy is different, we do this for updates which are unlikely to affect your hardware, the lower layers of your system and your boot sequence.
I hope this ^^ helps you understand a bit more why we do things the way we do.
Very well said Clem! One of my friends is running Ubuntu 14.04, faithfully applied all updates and is now plagued with multimedia issues! Not every security update applies to the average user, some are for very specific circumstances that would have a very slim chance of effecting for example a home user. The best way to update is through informed decisions.
The updater tool is one of the main reasons I come back to Mint and use Mint for desktop installs. For VMs and my laptop, I use Ubuntu since they are not mission critical.
I'm curious if Clem knows how Mint will handle the point releases 17.1, 17.2 etc... withthe new LTS base? Will the updater offer the Ubuntu hardware enablement stacks?
I am only a couple weeks into my spiral with Linux.. I have tried a few distro's, and had settled down to bouncing back and forth from Mint "cinnamon" to Kubuntu.. While Kubuntu was extremely pleasing eye candy, it was not ergonomic as Mint. Im not only on a mission to learn Linux, but need a workable station to do other task with my system, and Mint provides both.
Security vs stabilization.. This i see, keeps being brought up around the Mint distro. After testing a few other distro's "with a machine around a year old", i can see this in play. The stability of Mint has been quite noticable compared to a few others.. Security.. Well that has been a discussion i have been a part of to many times.. As i am quite proficient with windows, i have run and tested about every security configuration one can possible imagine, and i have even run with no security on windows.. One thing all that had in common, was lack of me being infected.. Why? Because i have developed over the years a safe habit, of downloading, checking files, watching where i click, ect..
This topic has heated many.. I have always said, it does not matter if you are running the strongest security suite on the market, if you have poor habits, you will become infected.. I seen a computer running Comodo "this should tell you", that was "tweaked" for maximum security.. A teenager sat down at it, started downloading games ect, and was clicking allow on all the pop ups from the security, just because he wanted to let the files install, now he has made rules to allow those, and infected the system beyond belief.
Linux, being a breed unto itself, with default security that already surpasses windows, one would be pressed hard to become infected, unless they have poor habits.. So if i was to chose between complete hardened security or a balance of security and stability, it would be the latter for sure.
This being said, im am quite honored to be running Mint, and now a member of this forum.. It is a pure pleasure to be among people that care, and are willing to go the extra mile..
@ the schooled whiners. I learned by trial and error (lots of them, lol) and READING, do lots of reading before you mess up your stuff.
Or you could go back to Windohs and have spyware and license changes snuck in with your 'updates', that's why I love Linux, choice and it works, and oh, it doesn't spy on you or report to corporate partners what you look at on the net, or what software you buy and install.
In a nutshell, computers are a compromise. I truly believe that. Those that desire the most up-to-date packages for the latest features also do so at the possible expense of unfixable bugs [until an update comes out]. I also believe stability and security can at times be at odds with each other.
I am by NO means an expert, but seriously, on that "other OS" how many of us applied updates without actually taking the time to see what they actually address? I know updates breaking things on that other OS is quite rare, but I had a co-worker install an update that completely borked his Windows 7 installation. Although the fix in hindsight was easy [BIOS update], he was not one to update the BIOS (if it aint broke, don't fix it), and it took almost two weeks of searching, reinstalling, etc, until I suggested "he had nothing to lose by trying the BIOS udpate".
Also, I am sure most everyone that knows of or has heard someone brag that "they never applied any updates at all" to that "other OS" and have never been "hacked".
In my other very limited linux experience, I used CentOS 5, and had to install a proprietary video driver in order to get dual monitor support. That worked VERY well, until a kernel update came and after installation of the new kernel, I could no longer boot to a GUI. Although I figured it out [had to reinstall the video driver for the new kernel], as a newbie trying to navigate vi to edit config files to get my gui back was a REAL PITA.
Personally, I am on Mint 17 Cinnamon as my primary OS with all updates applied, except level 4 & 5. I know a recent security vulnerability was discovered in the linux kernel that allows a LOCAL user to poosibly elevate his privaledges to gain root level access to the system. I am not sure since I am running the default Mint 17 kernel if I am at risk of that particular vulnerability, but the key word there is "local". No one uses my computer but me, so I am not worried about it.
As Clem stated, pay a little more attention to what those higher level updates actually resolve and then decide for yourself whether its worth the risk.
And if nothing else, start a thread and ask how to "downgrade" (something I need to learn myself) in case things don't work out like you plan.
-Alan
PS I also believe there is no such thing as a 100% secure computer. I believe computers and security are the never ending "the better mouse & the better mouse trap".
PSS I cannot thank the MINT team enough. GREAT JOB! I really love Mint so much because a) I can really dive into learning the guts of Linux when I get ready/have the time and b) Actually USE the computer and get work done without HAVING to really dive into learning the guts of Linux. My Upgrade path went like this:
Commodore 64->Amiga->put computers on the shelf for 10 years->Win98SE->Win2K->WinXP->Mint 13->Mint 17.
I 've taken the habit of keeping a few VMs with the distros I'm running. Currently Mint 17 cinnamon and kubuntu. I can try out major upgrades in the VM before going and trying them live.
CtrlAltDel wrote:
Thanks for stating that; I wasn't sure what to do with them although I did install them anyway. I was half-way expecting it to cause an issue but, thankfully, all is fine. It's good to know for any further level 5's though.
Don't do it blindly in the future. First you need to see if it's really important or not.
