While these attacks are regrettable, and part of an infrastructure problem rather than a problem with the distribution itself, it increasingly appears that the Linux Mint team, led by project leader Clement Lefebvre, is spread too thin when it comes to security.
The architectural design of Linux Mint inherits a great deal from its upstream sources Debian and Ubuntu (which is itself based upon Debian). Unfortunately, it lacks any sort of security advisories—Linux Mint evangelists insist that referring to the Ubuntu or Debian advisories is sufficient. Not every package in Linux Mint is available in Ubuntu or Debian, and this argument is further complicated by the fact that updates that work perfectly in Ubuntu or Debian are blacklisted by the Linux Mint team due to compatibility issues.
Linux Mint has the somewhat peculiar design decision of not updating the kernel using the graphical update manager. Users must run apt-get dist-upgrade in a terminal in order to receive updates, when users of Ubuntu receive the same kernel updates automatically. This leaves users vulnerable to potential root exploits and hardware issues. Additionally, there is an issue with shifting release cadences—with version 17, the underlying base moved from standard releases to Long-Term Support (LTS) releases of Ubuntu. Consequently, the packages incorporated are older, on average, than in previous releases, and if blacklisted are both old and insecure.
No comments:
Post a Comment