LMDE security updates

Archived topics about LMDE 1 and LMDE 2
Level 1
Level 1
Posts: 1
Joined: Wed Mar 28, 2012 8:12 am

LMDE security updates

Post by pazevedo »

I've been reading a few other posts about the upgrading process on LMDE, and there are a few problems here and there, but I always thought these problems would just affect 'regular' updates, I always though that security updates would be on par at least with ubuntu, what I keep reading more and more are concerns about the security of LMDE, when there isn't an update package there are apparently no security updates either. This is shocking to me.
First, can someone confirm if this is indeed the case?
If so, are there any plans to change the way security updates are handled on LMDE?

PS: Anyone, ever so helpfully, trying to suggest a change in distribution is invited to invest his/her time posting on some other thread.
Level 1
Level 1
Posts: 13
Joined: Sat Sep 24, 2011 6:39 pm

Re: LMDE security updates

Post by ElderDryas »

Don't bother asking about "security" in the LM/DE forum(s)...all you are going to get is fanbois shouting: 1) Clem Knows Best (tm), 2) Change your sources or 3) Try another distro.

But to answer your question, I'd look at zerozero's excellent post: http://forums.linuxmint.com/viewtopic.php?f=197&t=91405 Section Two, Q1
User avatar
Level 25
Level 25
Posts: 25363
Joined: Wed Jul 06, 2011 3:58 am
Location: The Netherlands

Re: LMDE security updates

Post by xenopeek »

I wasn't fully clear on this either :) As the LMDE FAQ answers, if security updates are the utmost important to you, you should use Debian stable instead. zerozero was kind enough to answer my questions on this. I hope that with below addition to the LMDE FAQ section that ElderDryas was kind enough to link you to, you have a better understanding of how security updates are handled. Recall that a default LMDE installation is using Debian testing repositories (though buffered, to allow for testing time to increase stability).

How does Debian testing handle security updates?
  • Debian testing doesn't have a security team as you see for example in Debian stable (or in other distros); and why? the changes are so fast that it doesn't make sense (any possible security breach will be covered by the next version - in 2, 5 or 10 days);
  • in very special situation (when the problem is too big or the maintainer doesn't respond in time) Debian has NMU (non maintainer's uploads) mostly used to cover these issues;
How does LMDE handle security updates?
  • if you are using the UP [Update Pack] you have a buffer from updates from Debian testing (and here is the possible problem): this last UP (UP3 to UP4) was unusually long (all the others were delivered in the one month(ish) time-frame)
  • Clem has stated it the past that if a security issue is important enough that it requires immediate action, LMDE developers can push it via the LM repos, or even trigger a new Update Pack just to pick it up. (http://forum.linuxmint.com/viewtopic.ph ... =0#p491421)
You can review the LMDE FAQ for options to have LMDE use a different repository, so as to increase the frequency of updates (not just security), at the expense of possible decreased stability. Using Debian testing is a two-edged sword :wink: