Update Manager: Some improvements not carried through to Mate.

[Eridanus7]

At
https://www.linuxmint.com/rel_serena_ci ... atsnew.php (18.1)

Under Update Manager it states;-

"Kernel updates in the main view are shown with more clarity than before and their version is made more prominent."
and
"In the kernel window, kernels are now sorted by version and recommendations are given for both the most stable and the most secure kernels."

Image shows "Installed" "Active" "Most stable recommendation" and "Most secure recommendation"

None of this has appeared in the LTS Sonya 18.2 Mate version.

Will these "recommendations" ever appear in Sonya Mate?

[catweazel]

I don't see the problem...

[Schultz]

It doesn't show the "Most stable recommendation" and "Most secure recommendation." (That really doesn't matter to me though; I always upgrade when a newer kernel is released.)

[catweazel]

It doesn't show the "Most stable recommendation" and "Most secure recommendation." (That really doesn't matter to me though; I always upgrade when a newer kernel is released.)

Ah, ok. Thanks.

[Pjotr]

The latest kernel is always the most secure, because (with some very rare exceptions) *all* kernel updates contain security fixes.

[Eridanus7]

Hi Pjotr

Ah but, if one was new to Mint 18.2 which latest kernel of the 4 groups available in update manager 4.4, 4.8, 4.10 or 4.11 is the most secure ?

Furthermore, some aspects of the Update Manager have become less user friendly. For example, in Mint Rosa (17.3) Mate one can find all installed kernels with one click on a tab. Whereas in Mint Mate 18.2 it takes at least 4 clicks and some sidebar scrolling.

Or use the terminal with

Code: Select all

dpkg --list | grep linux-image

To be fair to the Mint developers, the legal eagles may have had a hand in removing the statements "recommended" and "most secure recommendation".

I would be interested to hear Xenopeek's views as he had an interest in such notifications in the past.

I wonder if an official Mint reply will answer;-
Will these "recommendations" ever appear in Sonya Mate?

[Pjotr]

If you're currently on the 4.4.x, you'll only get to see updates for the 4.4 series.... And if you're on 4.8.x, 4.10.x or 4.11.x, when any of those reach EOL, you'll automatically see updates for the next higher series which is still supported. As has already happened for the dead 4.8 series.

So the "most secure" issue has already been addressed by the current technical procedure.

Remains the "most stable" label. I don't think that label ever was very useful in real life, so I don't miss it....

The "best practice" for stability is, as always, to stick to the kernel series with which your Mint version was issued (systems with hardware problems excepted). And only upgrade to a higher series if EOL is in sight, which is being presented to you automatically.

So "best practice" is already the default. What more can we wish for?

[Eridanus7]

As the Update Manager updates Kernels and Mint Applications, does this work;-

Linux Mint 18.2 is based on Ubuntu 16.04 and was released with the 4.4 kernel, supported until April 2021 see https://wiki.ubuntu.com/Kernel/RollingL ... ementStack
Mint 18.2 is a long term support release which will be supported until 2021, see
http://blog.linuxmint.com/?p=3289

So, following Pjotr, 18,2 users install and update this kernel at every release of any new 4.4 ver.

This gives the user both kernel and Mint application updates until 2021 and a stable & secure system.

The only exception being "systems with hardware problems", for which one may try other kernels.

After April 2021 when the kernel and Mint 18.2 are no longer supported one must upgrade to a supported version of Mint to maintain application and kernel security.

Looking at Mint 17.3, a Long term support release supported until April 2019. We find it was released with the 3.13 kernel (14.04.)

After April 2019 one can upgrade the kernel to 4.4 version and continue to get kernel security updates. However, there would be no Mint applications security updates as support for 17.3 has ceased.

Not the most secure system if it only has kernel security updates and application updates have been dropped.

Is this right or have I got wires crossed somewhere?

[Pjotr]

The need for higher kernel series stems mainly from the need for new drivers. Old kernels don't contain the necessary support for new hardware. So you need point releases of Mint, which support new hardware out of the box....

That's why it isn't desirable to release Mint 18.2 and 18.3 with the LTS 4.4 kernel series.

[Eridanus7]

That's why it isn't desirable to release Mint 18.2 and 18.3 with the LTS 4.4 kernel series.

That's fine but, does it not lead to a situation where support for the kernel used might abruptly end without the Mint user being aware.

For example, take the case shown in https://wiki.ubuntu.com/Kernel/LTSEnablementStack under 14.04. Here the kernels 3.16 and 3.19 had support ended in Aug 2016.

How would a Mint user running one of these kernels know that kernel security updates had ceased ?

Mint surely does not expect a user to scour the Ubuntu forums to find such information.

Thus some notification, such as "Kernel x.xx is no longer supported with security updates" should be given in the update mgr.

Just displaying the word "Active" is not really "user friendly", is it.

[MintBean]

Personally I think the implementation of kernel updates is a weak point in the Mint armoury. There are really only two sane options for any online system:

1)Stick with the LTS kernel and always update to the latest release of it.
2)Use the newest kernel (for compatibility with newer hardware). Always update to the latest release AND when the kernel is end of life, update to the newer kernel series that replaces it.

In case 2, the interim kernels go end-of-life (i.e. not security updates) before the Mint release does, hence the need to update to new series.

Mint could simplify this massively:
1)User selects one time LTS or Latest - with a hint that LTS is preferred unless you are having problems with recent hardware.
2)Update manager only offers kernels in line with this selection - with a little reminder why e.g. This is the latest security patch for your chosen LTS kernel.

The kernel list could also use a few more labels, e.g. 'This kernel series is supported for the full life of Linux Mint.'

[Pjotr]

How would a Mint user running one of these kernels know that kernel security updates had ceased ?

Because they're being offered the latest kernel from the next supported series when this happens.

That's how it occurred for 18.2 installs with its default, now dead, 4.8 kernel series. 4.10 was being offered as a level 4 update.

[Eridanus7]

Because they're being offered the latest kernel from the next supported series when this happens

.

I take the point. However, being "offered" is not the same as being told why one should accept the offer. Could be very important where security is concerned.

This thread started about "Improvements in Update Manager" that was missing notifications.

So, would you agree that there should be some "notification" attached to the "offer"?

[Pjotr]

Because they're being offered the latest kernel from the next supported series when this happens

.

I take the point. However, being "offered" is not the same as being told why one should accept the offer. Could be very important where security is concerned.

This thread started about "Improvements in Update Manager" that was missing notifications.

So, would you agree that there should be some "notification" attached to the "offer"?

It's a level 4 update with the "security update" exclamation mark....

[Eridanus7]

Hah, that's not a notification that's a threat!

Level 4: "Unsafe updates. Could potentially affect the stability of the system.

By "some notification" I meant a clear worded statement in the users language.

Which was where we came in at the beginning of this thread.

Some words selected from the Linux Mint 18 Official User Guide
The purpose of Linux Mint is to provide a desktop operating system that home users
can use and is easy to use.

I'm not sure that the average home user would regard

a level 4 update with the "security update" exclamation mark

as easy to interpret. A statement like "This kernel should no longer be used" is far more likely to be understood by the average home user (like me.)

With all due respect, Pjotr, you with your extensive knowledge of Linux does not seem to make you the best person to create a clear, easily understood user friendly notification.
But I do like your tips

[Schultz]

There's got to be a better way than the current situation. Every so often there's a new post here on the forums about "should I upgrade from 4.8 to 4.10" (and I'm sure we'll see the same thing once the kernel for the yet future 18.3 becomes EOL). Usually the poster doesn't even know that 4.8 is EOL. I know some here may not like this, but I think that once a kernel series is EOL it should be removed from the kernel list. However I can see some reasons why that might not be a good idea.

[smurphos]

Level 4: "Unsafe updates. Could potentially affect the stability of the system.

I think the current level 4 description in version 5.2.9 of update manager which is a little less off-putting is...

Apply one by one. Impact on sensitive parts of the system.

The Update Manager also includes a well-written and comprehensive helps section. This is what it has to say about Level 4 Updates.

Level 4 updates are updates which affect sensitive parts of the operating system such as:

The boot sequence
The display manager (login screen, session management)
The kernel (hardware support)
The drivers (networking, NVIDIA/AMD)
The display (Xorg, mesa)

Like other updates, all level 4 updates are recommended, especially if they are security updates.
However, if a critical regression was present in one of these updates it could impact a sensitive part of your system.
You could find yourself without a connection to the Internet, without the ability to start the desktop environment or even without the ability to boot the operating system.
For this reason you should always be careful when applying level 4 updates (including kernel updates). Apply them one by one and take note of the versions you're applying.
If something breaks, seek help on the forums or the chat channel and tell people which update caused the regression and what is broken.
If you blindly apply hundreds of updates and you're unable to pinpoint the problematic one, you're unlikely to find help. All level 4 updates are recommended but you are expected to be cautious and to know what you are upgrading.

There is also of course the changelog available for updates that can be reviewed. There's got to be a point where there is too much hand-holding'

I do agree that EOL kernel series should labelled as such as should potentially unstable series (4.11 is effectively beta right now).

What I do think Linux Mint could do better is provide links to relevant Ubuntu documentation either in the Mint documentation or directly from the update manager.

https://usn.ubuntu.com/usn/xenial/ for example is an essential bookmark for any user of a 16.04 derivative distro IMHO

It doesn't help that recent changes to how long Ubuntu support HWE kernel series throughout the life of a LTS release basically mean that the received wisdom of avoiding changing kernel series unless you need to for hardware compatibility is no longer correct unless you are still on the original LTS kernel series (4.4 in the current case).

[Hoser Rob]

The newest kernel may be the most secure but it can also break things. Well, I suppose it's VERY secure if it's unuseable ...

[Eridanus7]

smurphos wrote
I think the current level 4 description in version 5.2.9 of update manager which is a little less off-putting is...

Apply one by one. Impact on sensitive parts of the system.

Now that's what I call a notification. It comprises of two parts - 1) an instruction on how to be careful and 2) information.

I like the help section shown for version 5.2.9 that is much improved over the help section in my Update Manager in Mint 17.3, which is not 5.2.9. I note that 5.2.9 is in Mint 18.2.

So, perhaps I should amend the topic to "Some improvements not carried through" and say "sorry" to the mintUpdate maintainer

This does highlight some of the things that clear security notifications might address.

I am using Mint 17.3 & kernel 3.13.0-latest. I expect to use this until almost EOL of 17.3, Apr 2019. Why, because it's run on a small Ion 330 Pro with an Intel Atom Dual core CPU & Nvidia ION graphics. I have 2 of these in the household and when 18.2 Mate was tried it was noticeably slower, and 18.2 Xfce was not really any better. Both with small SSD's incidentally. (Yes, I have been through all of Pjotr's tips to slim & speed up)

There will be some users, like me, who will not be using the very latest release on all their machines.
Thus one cannot assume that security notes for the latest version will make sense to all.

Might any relevant improvement notes / links, like those given by smurphos or mintbean, be put in a subforum labelled "Mint Recommends" or some appropriately named area. This would then cover all users. Another example might be Pjotr's tip about removing Mono because of it's Microsoft links - https://sites.google.com/site/easylinux ... mate-first

Apparently it's not just me who thinks that Mint communications regarding security could be made clearer, MintBean, Schultz and smurphos all have all come up with a similar appraisal.