Debian addresses security concerns

The organization's security team has issued a host of announcements and informed the community it has resolved problems with the infrastructure governing security updates.

"There were several issues with the security infrastructure after the release of Sarge [aka Debian 3.1] that led to the Debian security team being unable to issue updates to vulnerable packages. These issues have been fully resolved, and the infrastructure is working correctly again," it said in a statement issued this afternoon.

Debian's elected leader Branden Robinson yesterday flagged an inquiry into the processes by which security updates are released, citing a potential lack of transparency and communication failures.

It was also an appropriate time to add new members to Debian's security team, as several have been inactive for a while, Robinson said in an e-mail to developers. He admitted the organisation had been "sluggish" in the area recently and said the focus would now be on ensuring Debian was not plagued with such problems again.

He said an inquiry -- to be conducted by developer Andreas Barth -- would allow the organisation to attack weak points.

"One thing I'd like to see is better documentation of the internal workings of the security update process," he wrote. "With a broader understanding of the security workflow, I'm hopeful that people will be less likely to draw erroneous inferences about what the causes of problems are, and more likely to make offers of assistance that prove fruitful."

Robinson said he expects to spend a lot of time talking about the security issue to Debian developers and representatives of the user community at the upcoming sixth annual Debian developer conference on July 10 in Helsinki, Finland.

"Many people have stepped forward in public or in private to offer us assistance with ensuring that this problem does not recur," he said, "and that Debian upholds its valuable reputation as a consistent provider of timely security updates to its users."

"I regret the interruption of this service, but with so many people determined to apply their skills to this facet of our responsibilities, I'm confident that we can prevent its recurrence."

Robinson said after "extensive conversations with many people", he suspected two factors were at the heart of Debian's security woes.

Firstly, he said the security team had not been given enough manpower to deal with the demands being placed on it. In addition, there was a failure in the process of actually distributing security updates that were ready to go out.

In the statement issued this afternoon, Debian warned users against installing packages from the "sarge-proposed-updates" suite, which some Web sites had been advocating as a temporary fix before official updates became available.

"Those packages are currently under development and may not work properly," the statement said. "In addition, those packages may not provide users with timely security fixes."

By Renai LeMay
ZDNet Australia
