Debian struggling with security

Debian is facing difficulties getting timely security updates to users of its Linux distribution due to lack of manpower and software problems.

The issues recently surfaced when Debian released the latest version of its Linux distribution early in June, according to Martin Schulze, a member of the organisation's security team.

That release, Schulze wrote on his blog, caused configuration problems on the server which was responsible for distributing security updates -- and it hasn't been functioning properly since. "Several security updates aren't built on all architectures as they should be," the developer wrote only yesterday. "Currently, it's totally unreliable."

Lack of manpower also appears to be adding to Debian's security woes. Michael Stone, another member of Debian's security team, voiced his frustration on the organisation's security mailing list in mid-June, saying there was no effective tracking of security problems.

The problems have seen Debian fall behind competitors like Red Hat in releasing updates to widely-used programs. For example, although spam-filtering package SpamAssassin was updated by its creator to fix a remote denial-of-service vulnerability on 6 June, Debian provided the update on 1 July, while Novell's SuSE got the fix a week earlier on 23 June, Gentoo Linux on the 21st and Red Hat's Fedora still earlier on the 16th.

A similar situation occurred when the 'sudo' package needed an update in mid-June. In addition, a number of security-related bugs are listed on Schulze's Web site as unfixed, although the site also notes that the data may be inaccurate because it is automatically generated.

Although Debian's infrastructure problems have not been as prominently discussed as the manpower issues on the project's mailing lists, giving some developers more authority is one idea that has been discussed as a way of speeding up the release of security updates.

As one developer put it: "The problem we're currently seeing isn't that the job is hard, but that only a very small number of people have the authority/ability to push the update out."

Another agreed, calling for the size of the security team to be increased from seven to 21.
