Is this update request legit?

[red-striped-zebra]

Received an update request for linux mint recently, but I haven't updated yet because it came isolated out of the blue and looked really suspicious:

"setuid root xorg server wrapper"

screenshot 1: https://ibb.co/CQgSJBs

The words "Set User ID and Root" put together set the alarm bells off for me. I am not a techie and fairly recent to Linux. All I keep reading is plebs shouldn't mess with root. I decided to put my conspiracy theories aside and ask the tech sleuths here about it (hope no user here shills for governments -- is that impossible though, haha? ...I mean uniquely ID'ing Linux users and getting them in the surveillance fold alongside apple and windows users sounds like a fun hobby for megalomaniacs!)

Also, the file has a funny download link from the linux mint community page. Check the screenshot below. Nobody has even reviewed it, lol. I honestly thought it was planted:

screenshot 2: https://ibb.co/VpgBG2H
The description in the screenshot reads: "This package provides a wrapper for the xorg x server, which is necessary for legacy drivers and non-linux kernels"

Should I go for the update? Please forgive me if you feel my suspicion was stupid!
Also sorry for the blurry screenshots. Think ImgBB reduced quality.

[spamegg]

That's a legit update. I just installed it.

Updates can have confusing looking information because it's written by, and meant for, programmers. I remember one user saying they don't want to install an update because it said "fingerprint". Actually the update was a library for "asynchronous fingerprinting" which is a term used in web development and browsers, not scanning your (physical) fingerprint to access your PC.

So there will be always this kind of "coder lingo" that looks weird. You get used to it.

Instead of looking at those words, check the source of the update in Update Manager. If you look at the left column it can show you if it's a security update, or a software update, and where it's coming from (Ubuntu, etc.)

[SMG]

Received an update request for linux mint recently, but I haven't updated yet because it came isolated out of the blue and looked really suspicious:

You posted a screenshot which shows the update came through Update Manager. Is that not the same place you have received all your updates until now? And have not all your updates come "out of the blue"? Sometimes updates come in groups and sometimes they come individually.

X Server runs the graphics in Linux Mint. That package is an update for something already installed on your computer. It is part of a standard Linux Mint install and no one installs it separately. That is why there are no "reviews" on it.

[Hoser Rob]

This sort od thing pops up here regularly. Linux is much, more modular than Windows, so there are a ton of libraries. I've been using nothing but Linux for about a decade and I still get plenty of updates for software I've never heard of before. Since I avoid questionable software sopurces like many ppas (esp. in blogs) I don't worry about it.

[red-striped-zebra]

That's a legit update. I just installed it.

Updates can have confusing looking information because it's written by, and meant for, programmers.

cool.

I remember one user saying they don't want to install an update because it said "fingerprint". Actually the update was a library for "asynchronous fingerprinting" which is a term used in web development and browsers, not scanning your (physical) fingerprint to access your PC.

I love him. My hero.

So there will be always this kind of "coder lingo" that looks weird. You get used to it.

Instead of looking at those words, check the source of the update in Update Manager. If you look at the left column it can show you if it's a security update, or a software update, and where it's coming from (Ubuntu, etc.)

Thank you so much for your kind and clear explanation. I am grateful to you.

Received an update request for linux mint recently, but I haven't updated yet because it came isolated out of the blue and looked really suspicious:

You posted a screenshot which shows the update came through Update Manager. Is that not the same place you have received all your updates until now? And have not all your updates come "out of the blue"? Sometimes updates come in groups and sometimes they come individually.

X Server runs the graphics in Linux Mint. That package is an update for something already installed on your computer. It is part of a standard Linux Mint install and no one installs it separately. That is why there are no "reviews" on it.

Thanks for the reply, SMG.
I usually use the terminal every now and then (its a straightforward command to remember), unless I am separately reminded of updates via the Update Manager. This one had a strange name, and also came separately after a group of updates received only two days back.

Sometimes updates come in groups and sometimes they come individually.

Yeah, Brave Browser in particular, sends frequent updates. But Brave is trustworthy, so I blindly update. Xorg just looks suspicious!
Anyway, hereon I take it I can safely assume only trusted updates come from the Update Manager, so I don't need to be over-cautious, haha(?)...because like, the good people at Canonical can do no harm through updates!

This sort od thing pops up here regularly. Linux is much, more modular than Windows, so there are a ton of libraries. I've been using nothing but Linux for about a decade and I still get plenty of updates for software I've never heard of before. Since I avoid questionable software sopurces like many ppas (esp. in blogs) I don't worry about it.

Happy to know other Linux converts have had such issues. I am only using the repository for the most, except for Brave Browser which I had to get from the site because the repository apparently has an outdated one(?). Also the Ungoogled Chromium in the repository appears weird as though no one has touched it. I was very interested in using it, anyway...

I have, however, heard good things about Flatpak and I hope those are safe to download from the site itself. Will generally avoid third party.

[SMG]

I usually use the terminal every now and then (its a straightforward command to remember), unless I am separately reminded of updates via the Update Manager.

There's no reason to have to update from the terminal unless it was software you installed through the terminal. All the system updates come through Update Manager.

But Brave is trustworthy, so I blindly update.

Brave, which you installed outside of the operating system, is something you trust more than the operating system? That's an interesting philosophy.

[red-striped-zebra]

I usually use the terminal every now and then (its a straightforward command to remember), unless I am separately reminded of updates via the Update Manager.

There's no reason to have to update from the terminal unless it was software you installed through the terminal. All the system updates come through Update Manager.

Oh, I see. Will keep that in mind. Thanks as always.

Again, I will be using the Update Manager without qualms in the future. I'll see how it goes.

Brave, which you installed outside of the operating system, is something you trust more than the operating system? That's an interesting philosophy.

I do trust the Linux mint community. The parent Ubuntu, not that much.
As for Brave, it is open-source and private (or should I be suspicious because they use the Chromium engine?) However, I am open to suspecting everything on the net these days, Brave included.

[spamegg]

I do trust the Linux mint community. The parent Ubuntu, not that much.

Then you won't have a good time on Mint. Mint is literally Ubuntu, just with custom tools and a desktop environment on top of it. As such, Mint will receive tons of updates from Ubuntu. If you don't trust those you're gonna have a bad time. You can't go about using Mint while being suspicious of every update from Ubuntu, you'll go crazy.

The Mint developers trust Ubuntu/Canonical enough (and remove the parts they don't like/trust, such as Snaps), that it's OK for you to trust the updates from Ubuntu that you receive on Mint's Update Manager.

Or you can go with LM Debian Edition.

[red-striped-zebra]

The Mint developers trust Ubuntu/Canonical enough (and remove the parts they don't like/trust, such as Snaps), that it's OK for you to trust the updates from Ubuntu that you receive on Mint's Update Manager.

Or you can go with LM Debian Edition.

That is good reason to trust LM. The community devs showed they can depart from Ubuntu if required (though I guess security updates will always be from Canonical)

What else can I trust now anyway? Certainly not Windows. Also setting custom Linux such as Arch isn't for non-techies. Will look into the LM Debian edition, thanks. The way I see it going, there will be a mass migration to Linux in the near future and most of them will pick up LM.

[Schultz]

What else can I trust now anyway?

In this day and age, not much.