Language Selection

English French German Italian Portuguese Spanish

Debian addresses security concerns

Filed under
Linux

The organization's security team has issued a host of announcements and informed the community it has resolved problems with the infrastructure governing security updates.

"There were several issues with the security infrastructure after the release of Sarge [aka Debian 3.1] that led to the Debian security team being unable to issue updates to vulnerable packages. These issues have been fully resolved, and the infrastructure is working correctly again," it said in a statement issued this afternoon.

Debian's elected leader Branden Robinson yesterday flagged an inquiry into the processes by which security updates are released, citing a potential lack of transparency and communication failures.

It was also an appropriate time to add new members to Debian's security team, as several have been inactive for a while, Robinson said in an e-mail to developers. He admitted the organisation had been "sluggish" in the area recently and said the focus would now be on ensuring Debian was not plagued with such problems again.

He said an inquiry -- to be conducted by developer Andreas Barth -- would allow the organisation to attack weak points.

"One thing I'd like to see is better documentation of the internal workings of the security update process," he wrote. "With a broader understanding of the security workflow, I'm hopeful that people will be less likely to draw erroneous inferences about what the causes of problems are, and more likely to make offers of assistance that prove fruitful."

Robinson said he expects to spend a lot of time talking about the security issue to Debian developers and representatives of the user community at the upcoming sixth annual Debian developer conference on July 10 in Helsinki, Finland.

"Many people have stepped forward in public or in private to offer us assistance with ensuring that this problem does not recur," he said, "and that Debian upholds its valuable reputation as a consistent provider of timely security updates to its users."

"I regret the interruption of this service, but with so many people determined to apply their skills to this facet of our responsibilities, I'm confident that we can prevent its recurrence."

Robinson said after "extensive conversations with many people", he suspected two factors were at the heart of Debian's security woes.

Firstly, he said the security team had not been given enough manpower to deal with the demands being placed on it. In addition, there was a failure in the process of actually distributing security updates that were ready to go out.

In the statement issued this afternoon, Debian warned users against installing packages from the "sarge-proposed-updates" suite, as some Web sites had been advocating as a temporary fix before official updates became available.

"Those packages are currently under development and may not work properly," the statement said. "In addition, those packages may not provide users with timely security fixes."

By Renai LeMay
ZDNet Australia

More in Tux Machines

openSUSE Leap 15 Will Succeed 42.3

What comes after openSUSE Leap 42.3 for SUSE's community non-rolling distribution? Version 15. Richard Brown announced on the behalf of the openSUSE Board and Leap Release Manager that the next version after openSUSE Leap 42.3 will be openSUSE Leap 15. Yes, that's after pre-42 was openSUSE 13.2. Read more Also: Mailinglist Archive: opensuse-project (15 mails)

Leftovers: Software

  • GNU Guile 2.2.1 released
    We are happy to announce GNU Guile release 2.2.1, the first bug-fix release in the new 2.2 stable release series.
  • Announcing Nylas Mail 2.0 [Ed: just Electron]
  • Cerebro Is An Amazing Open Source OS X Spotlight Alternative For Linux [Ed: also just Electron]
    You may be fed up with traditional way of searching/opening applications on your system. Cerebro is an amazing utility built using Electron and available for Linux, Windows, and Mac. It is open-source and released under MIT license.
  • Flowblade Another Video Editor for Linux? Give It A Try!
    You may have favorite video editor to edit your videos but there is no harm to try something new, its initial release was not that long, with time it made some great improvements. It can be bit hard to master this video editor but if you are not new in this field you can make it easily and will be total worth of time.
  • Get System Info from CLI Using `NeoFetch` Tool in Ubuntu/Linux Mint
  • Ukuu Kernel Manager Utility lets You Upgrade or Install Kernels in Ubuntu/Linux Mint
    There are many ways to upgrade your Linux Kernel using Synaptics, command line and so. The Ukuu utility is the simply solution to manager your Ubuntu/Linux Mint kernels. If you want to test new fixes in the Linux Kernel then you can install Mainline Kernels released by Ubuntu team but mainline Kernels are intended to use for testing purposes only (so be careful).
  • 10 Reasons Why You Should Use Vi/Vim Text Editor in Linux
    While working with Linux systems, there are several areas where you’ll need to use a text editor including programming/scripting, editing configuration/text files, to mention but a few. There are several remarkable text editors you’ll find out there for Linux-based operating systems.
  • OpenShot 2.3 Linux Video Editor New Features
    It’s been quite some time since we last talked about OpenShot, and more specifically when it had its second major release. Recently, the team behind the popular open source video editor has made its third point release available which happens to come with a couple of exciting new features and tools, so here is a quick guide on where to find them and how to use them.
  • Boostnote: Another Great Note Taking App for Developers? Find Out By Yourself
    Boostnote is an open-source note-taking application especially made for programmers and developers, it is build up with Electron framework and cross-platform available for Linux, Windows and Mac. Being programmers, we take lots of notes which includes commands, code snippets, bug information and so on. It all comes in handy when you have organized them all in one place, Boostnote does this job very well. It lets you organize your notes in folders with tags, so you can find anything you are looking for very quickly.
  • Collabora Office 5.3 Released
    Today we released Collabora Office 5.3 and Collabora GovOffice 5.3, which contain great new features and enhancements. They also contains all fixes from the upstream libreoffice-5-3 branch and several backported features.

Virtualization and Containers

GNOME News