Questions about Kernel and kernel updates

[Pjotr]

Oh that, haha. Well, run this command and you're probably in for a shock:

Code: Select all

cat /etc/apt/sources.list.d/official-package-repositories.list

[red-striped-zebra]

Oh that, haha. Well, run this command and you're probably in for a shock:

Code: Select all

cat /etc/apt/sources.list.d/official-package-repositories.list

I am! Even a security update itself is via http. Exactly why is that though?

[Pjotr]

It has been a heavily debated thing for years.... See for example this Askubuntu topic (with workaround):
https://askubuntu.com/questions/352952/ ... ps-version

Personally, I haven't bothered to work around it yet. Too lazy. It's probably rather unimportant anyway, and the workaround might perhaps cause issues of its own.

[Termy]

cause you posted an http(not secure) link to the ubuntu changelogs, in the second post.

From what little I understand about HTTPS, it's very easy for anyone to set it up and get a certificate, so a site being HTTPS doesn't mean it's definitely legitimate. HTTPS apparently doesn't quite mean as much as it's portrayed. Also, I assume the page is more about text and not about submitting sensitive information, for example, thus it wouldn't really matter if things are encrypted or not. I'd welcome a correction though, as this ain't my area.

[stevengarland]

The rest of the question is why qre you using Mint 20.3?

[Termy]

Even a security update itself is via http. Exactly why is that though?

Packages are digitally signed with GPG. It's a fairly solid system, as I understand it. You can use HTTPS, provided the mirror supports it, but I don't think it's necessary.

The rest of the question is why qre you using Mint 20.3?

If you're referring to its age, it's still supported until April 2025 (cit).

[red-striped-zebra]

Too lazy. It's probably rather unimportant anyway, and the workaround might perhaps cause issues of its own.

goodness me, you people!

The rest of the question is why qre you using Mint 20.3?

Because it runs as smooth as a pro-skater on an ice-rink. <3
21.1, OTOH seems very buggy from the number of complaints people make here, and I don't want to keep getting interrupted when using my machine

From what little I understand about HTTPS, it's very easy for anyone to set it up and get a certificate, so a site being HTTPS doesn't mean it's definitely legitimate. HTTPS apparently doesn't quite mean as much as it's portrayed.
...
packages are digitally signed with GPG. It's a fairly solid system, as I understand it. You can use HTTPS, provided the mirror supports it, but I don't think it's necessary.

reads like a nerd defending nerdism. You must be a techie and love tinkering around with security(!).

For the rest of us though, If some technology is outdated and the whole world has moved on to the newer one, we would; plus anyone can set it up as you say, then one would think that an important OS like ubuntu should have by now.

[Termy]

reads like a nerd defending nerdism. You must be a techie and love tinkering around with security(!).

For the rest of us though, If some technology is outdated and the whole world has moved on to the newer one, we would; plus anyone can set it up as you say, then one would think that an important OS like ubuntu should have by now.

I'm not sure my character or how I spend my time is at all relevant to whether HTTP is acceptable or not, nor why you seemed to dismiss what I'm fairly sure is a viable answer to your question. I'll reword: APT is in all likelihood acceptable with HTTP mirrors, because packages are cryptographically signed. You can use HTTPS mirrors, if you want and if the mirror (AKA: server) supports it, just as you can choose to install a different browser.

If by HTTP being outdated you mean that it's no longer relevant, then I'm almost certain that's incorrect, but a simple trip to your search engine of choice would probably lead to more concrete answers. I would argue that HTTP is a perfectly acceptable protocol where appropriate, just as peddle bikes are perfectly acceptable modes of transport, despite buses and trains being available.

Lastly, before I head off, please remember that not understanding what someone is saying, does not require that they are wrong or that you are right; in-fact, I think this comes under something called confirmation bias, since you're dismissing an opposing view, not considering all of the facts, and only paying attention to that which supports your view.

[Rosko]

reads like a nerd defending nerdism. You must be a techie and love tinkering around with security(!).

For the rest of us though, If some technology is outdated and the whole world has moved on to the newer one, we would; plus anyone can set it up as you say, then one would think that an important OS like ubuntu should have by now.

I'm not sure my character or how I spend my time is at all relevant to whether HTTP is acceptable or not, nor why you seemed to dismiss what I'm fairly sure is a viable answer to your question. I'll reword: APT is in all likelihood acceptable with HTTP mirrors, because packages are cryptographically signed. You can use HTTPS mirrors, if you want and if the mirror (AKA: server) supports it, just as you can choose to install a different browser.

If by HTTP being outdated you mean that it's no longer relevant, then I'm almost certain that's incorrect, but a simple trip to your search engine of choice would probably lead to more concrete answers. I would argue that HTTP is a perfectly acceptable protocol where appropriate, just as peddle bikes are perfectly acceptable modes of transport, despite buses and trains being available.

Lastly, before I head off, please remember that not understanding what someone is saying, does not require that they are wrong or that you are right; in-fact, I think this comes under something called confirmation bias, since you're dismissing an opposing view, not considering all of the facts, and only paying attention to that which supports your view.

+1

[red-striped-zebra]

I'm not sure my character or how I spend my time is at all relevant to whether HTTP is acceptable or not, nor why you seemed to dismiss what I'm fairly sure is a viable answer to your question. I'll reword: APT is in all likelihood acceptable with HTTP mirrors, because packages are cryptographically signed. You can use HTTPS mirrors, if you want and if the mirror (AKA: server) supports it, just as you can choose to install a different browser.

If by HTTP being outdated you mean that it's no longer relevant, then I'm almost certain that's incorrect, but a simple trip to your search engine of choice would probably lead to more concrete answers. I would argue that HTTP is a perfectly acceptable protocol where appropriate, just as peddle bikes are perfectly acceptable modes of transport, despite buses and trains being available.

Lastly, before I head off, please remember that not understanding what someone is saying, does not require that they are wrong or that you are right; in-fact, I think this comes under something called confirmation bias, since you're dismissing an opposing view, not considering all of the facts, and only paying attention to that which supports your view.

Oh, please don't be offended. It was meant as a tongue-in-cheek compliment, is all.
(I often forget that on the internet, people from some other culture might take such a remark as a personal attack)

tbh, the times we are in, I wish I were a Linux/computer nerd; then I wouldn't be as easily discouraged as I am when I face issues. But I lack any authentic inclination for these things, such as tinkering with software, etc.