Page 1 of 1

Rethinking update manager strategies concerning serious vunerabilities

Posted: Mon Oct 24, 2016 9:07 am
by Turin231
The dirtyCow bug made me think a bit about the update manager strategies. Such serious exploits need to be patched up no matter what the users expertise is.

The current default strategy on the update manager does not push the patched verion of the 4.4 kernel and leaves it to the user. I know that Mint wants to find a balance between stability and security but many inexperienced users may not update this patch manually just because they will find updating a kernel as an intimidating task (even though it is not really). But a security update on the same kernel version is much safer than actually updating the kernel to a new one and the security benefits are important for all users. I think that the default strategy on the update manager needs to also update all security updates even on kernels. Or at least mark and push the most important and serious ones like the dirtyCow patch for example. It is really not too much of a stability issue. Only issue i can think is that if you have the AMDGPU-PRO installed you need to remove it before the security update and reinstall it. And probably this will be streamlined in the future.

Or at least change the wording on the update manage so that it does not make a security update on a kernel sound more of a serious and stability risky task than it actually is, while stressing how important they can be for security?