Debian struggling with security

Debian is facing difficulties getting timely security updates to users of its Linux distribution due to lack of manpower and software problems.

The issues recently surfaced when Debian released the latest version of its Linux distribution early in June, according to Martin Schulze, a member of the organisation's security team.

That release, Schulze wrote on his blog, caused configuration problems on the server which was responsible for distributing security updates -- and it hasn't been functioning properly since. "Several security updates aren't built on all architectures as they should be," the developer wrote only yesterday. "Currently, it's totally unreliable."

Lack of manpower also appears to be adding to Debian's security woes. Michael Stone, another member of Debian's security team, expressed his frustration to the organisation's security e-mail mailing list in mid-June, saying there was no effective tracking of security problems.

The problems have seen Debian fall behind competitors like Red Hat in releasing updates to widely-used programs. For example, although spam-filtering package SpamAssassin was updated by its creator to fix a remote denial-of-service vulnerability on 6 June, Debian provided the update on 1 July, while Novell's SuSE got the fix a week earlier on 23 June, Gentoo Linux on the 21st and Red Hat's Fedora still earlier on the 16th.

A similar situation occurred when the 'sudo' package needed an update in mid-June. In addition, a number of security-related bugs are listed on Schulze's Web site as being unfixed, although the site also notes that the data may be inaccurate because it is automatically generated.

Debian's infrastructure problems have not been discussed as prominently on the project's mailing lists as the manpower issues. One idea that has been discussed there as a way of speeding up the release of security updates is giving some developers more authority.

As one developer put it: "The problem we're currently seeing isn't that the job is hard, but that only a very small number of people have the authority/ability to push the update out."

Another agreed, calling for the size of the security team to be increased from seven to 21.

Source.
