Debian addresses security concerns

The organization's security team has issued a host of announcements and informed the community it has resolved problems with the infrastructure governing security updates.

"There were several issues with the security infrastructure after the release of Sarge [aka Debian 3.1] that led to the Debian security team being unable to issue updates to vulnerable packages. These issues have been fully resolved, and the infrastructure is working correctly again," it said in a statement issued this afternoon.

Debian's elected leader Branden Robinson yesterday flagged an inquiry into the processes by which security updates are released, citing a potential lack of transparency and communication failures.

It was also an appropriate time to add new members to Debian's security team, as several have been inactive for a while, Robinson said in an e-mail to developers. He admitted the organisation had been "sluggish" in the area recently and said the focus would now be on ensuring Debian was not plagued with such problems again.

He said an inquiry -- to be conducted by developer Andreas Barth -- would allow the organisation to attack weak points.

"One thing I'd like to see is better documentation of the internal workings of the security update process," he wrote. "With a broader understanding of the security workflow, I'm hopeful that people will be less likely to draw erroneous inferences about what the causes of problems are, and more likely to make offers of assistance that prove fruitful."

Robinson said he expects to spend a lot of time talking about the security issue to Debian developers and representatives of the user community at the upcoming sixth annual Debian developer conference on July 10 in Helsinki, Finland.

"Many people have stepped forward in public or in private to offer us assistance with ensuring that this problem does not recur," he said, "and that Debian upholds its valuable reputation as a consistent provider of timely security updates to its users."

"I regret the interruption of this service, but with so many people determined to apply their skills to this facet of our responsibilities, I'm confident that we can prevent its recurrence."

Robinson said after "extensive conversations with many people", he suspected two factors were at the heart of Debian's security woes.

Firstly, he said the security team had not been given enough manpower to deal with the demands being placed on it. In addition, there was a failure in the process of actually distributing security updates that were ready to go out.

In the statement issued this afternoon, Debian warned users against installing packages from the "sarge-proposed-updates" suite, which some Web sites had been advocating as a temporary fix before official updates became available.

"Those packages are currently under development and may not work properly," the statement said. "In addition, those packages may not provide users with timely security fixes."

By Renai LeMay
ZDNet Australia
