
Debian struggling with security


Debian is facing difficulties getting timely security updates to users of its Linux distribution due to lack of manpower and software problems.

The issues recently surfaced when Debian released the latest version of its Linux distribution early in June, according to Martin Schulze, a member of the organisation's security team.

That release, Schulze wrote on his blog, caused configuration problems on the server which was responsible for distributing security updates -- and it hasn't been functioning properly since. "Several security updates aren't built on all architectures as they should be," the developer wrote only yesterday. "Currently, it's totally unreliable."

Lack of manpower also appears to be adding to Debian's security woes. Michael Stone, another member of Debian's security team, expressed his frustration to the organisation's security e-mail mailing list in mid-June, saying there was no effective tracking of security problems.

The problems have seen Debian fall behind competitors like Red Hat in releasing updates to widely-used programs. For example, although spam-filtering package SpamAssassin was updated by its creator to fix a remote denial-of-service vulnerability on 6 June, Debian provided the update on 1 July, while Novell's SuSE got the fix a week earlier on 23 June, Gentoo Linux on the 21st and Red Hat's Fedora still earlier on the 16th.

A similar situation occurred when the 'sudo' package needed an update in mid-June. In addition, a number of security-related bugs are listed on Schulze's Web site as being unfixed, although the site also notes that the data may be inaccurate because it is automatically generated.

Although Debian's infrastructure problems have not been as prominently discussed as the manpower issues on the project's mailing lists, giving some developers more authority is one idea that has been discussed as a way of speeding up the release of security updates.

As one developer put it: "The problem we're currently seeing isn't that the job is hard, but that only a very small number of people have the authority/ability to push the update out."

Another agreed, calling for the size of the security team to be increased from seven to 21.

Source.
