  1. #11
    Linux User Krendoshazin
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471

    we just had 4 new security updates released
    http://slackware.com/security/list.p...ecurity&y=2005
    that makes 5 in the past month, this is pretty much the same amount that was constant for the year of 2004, and people use the fact he was sick as some kind of excuse to take a dig at it, even while he still worked on it all through his sickness.
    yes there was a period of inactivity for a couple of months, but this isn't a reason to start claiming the sky is going to fall on our heads. no 10.0 has not been dropped, security updates are made available for all versions starting from 8.1.

    maybe now this rubbish of lack of updates can stop.

  2. #12
    Linux Enthusiast puntmuts
    Join Date
    Dec 2004
    Location
    Republic Banana
    Posts
    562
    Quote Originally Posted by Krendoshazin
    we just had 4 new security updates released
    http://slackware.com/security/list.p...ecurity&y=2005
    that makes 5 in the past month, this is pretty much the same amount that was constant for the year of 2004, and people use the fact he was sick as some kind of excuse to take a dig at it, even while he still worked on it all through his sickness.
    yes there was a period of inactivity for a couple of months, but this isn't a reason to start claiming the sky is going to fall on our heads. no 10.0 has not been dropped, security updates are made available for all versions starting from 8.1.

    maybe now this rubbish of lack of updates can stop.
    1. I was talking about Slackware 10.0 and 9.1 not very old versions. But he started to provide updates again and that is fine, but there are still missing things. And what will happen if his health problems increase again? You can only hope for security updates and pray for any communication about it.
    2. You can't measure the quality and being in time of security updates by comparing it to last year. That is just plain silly.
    3. If for a period of almost 6 months there are no security updates at all then there is a serious problem with security. You can say it is not important but I think it is unacceptable and a very big issue. If I want a system that was insecure I would use Windows.
    4. The lack of communication about this was a major issue as well. Users did not know what to expect, when to expect, where to expect etc. So be my guest and feel very confident of Slackware security policy stating others have nothing to say but rubbish. Have a good night and sleep well.
    I'm so tired .....
    #200472

  3. #13
    Linux User Krendoshazin
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    Quote Originally Posted by puntmuts
    1. I was talking about Slackware 10.0 and 9.1 not very old versions. But he started to provide updates again and that is fine, but there are still missing things. And what will happen if his health problems increase again? You can only hope for security updates and pray for any communication about it.
    first of all, 9.1 was released in 2003, slackware is over 10 years old, and what exactly is missing, perhaps you'd like to provide evidence of these missing things. secondly if his health problems do start up again, the community will be ready to take over at a moment's notice just like they helped out the first time.

    Quote Originally Posted by puntmuts
    2. You can't measure the quality and being in time of security updates by comparing it to last year. That is just plain silly.
    how is it silly if the updates apply to currently well used versions, they show a concise level of consistency of about 5 updates per month, the point this is making is the fact that you get one thing and nobody is complaining, suddenly he gets sick and misses a couple of months of updates, then things get back on track with the -same- level of consistency, and yet people are still complaining? that's what's silly.

    Quote Originally Posted by puntmuts
    3. If for a period of almost 6 months there are no security updates at all then there is a serious problem with security. You can say it is not important but I think it is unacceptable and a very big issue. If I want a system that was insecure I would use Windows.
    it wasn't 6 months, and you're not taking into account the fact of how many updates were released, vs, how many were -needed-, were they remote exploits or locally exploitable, were any of them of a critical nature, there's many things to take into account, you can't just say "no updates have been released, therefore it's insecure", that's pure speculation

    Quote Originally Posted by puntmuts
    4. The lack of communication about this was a major issue as well. Users did not know what to expect, when to expect, where to expect etc. So be my guest and feel very confident of Slackware security policy stating others have nothing to say but rubbish. Have a good night and sleep well.
    first of all patrick made it quite clear to the community the situation of his health, he may not have wished to do so at first, but seeing the result right here i can understand why he didn't want to.

    i suggest you back up your accusations with facts next time

  4. #14
    Linux User Krendoshazin
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    puntmuts, maybe we got started off on the wrong foot, it wasn't my intention to start a flame war, i was wrong to say your opinion was rubbish and i apologise for that. you're entitled to your opinion, and i can see why a lack of updates for a while would cause concern, in truth it could have been handled better but under the circumstances we can't blame pat for that.
    things do seem to be getting back to normal now though, fingers crossed it remains that way.

  5. #15
    Just Joined!
    Join Date
    Mar 2005
    Location
    Oklahoma
    Posts
    38
    OK. This is starting to head where I feared it might. I didn't want to start any arguments, just trying to find actual facts about the situation.

    I still haven't found the article I am looking for (can't believe I didn't save it.)

    In the elusive article I recall Pat saying that he does keep up on security vulnerabilities but most of the vulnerabilities reported were "crash bugs" at worst and not of a critical nature. I don't want to go any further into what I *think* I recall from that article without being able to post it for you to peruse and judge on your own.

    I'm now curious as to how many Slackware users suffered during the period of "no updates". By that I mean actually compromised in the real world, not in speculation. I've been Googling all morning and haven't found any evidence of Slackware actually being more vulnerable during this period. And we all know how Linux... well, internet users love to post their woes to the world, and the lack of such posts leads me to believe that this hasn't been a real world issue.

    Of course, I am a Slackware user and my opinion will reflect the affinity I have for Slackware and Patrick. That being said, I agree with Krendoshazin's first post in this thread that the amount of testing and the fact that Slack doesn't try to be bleeding edge with its releases, makes it from the start more secure than most, maybe not all, distros. My opinion is that being "bleeding edge" in itself makes your system more vulnerable.

    I think had Pat known more about his condition he may have been quicker to communicate what was going on. In my opinion he does communicate pretty well; perhaps not so well in the beginning of his illness since he was so sick and doctors were unable to pinpoint the problem. In that regard, I think we should cut him some "slack". It seems he now has the people in place who will take over Slackware in the event (God forbid) of his demise.

  6. #16
    Linux User Krendoshazin
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    that's ok, no arguments were started, i should have more carefully chosen my choice of words, but i can admit when i've made a mistake.
    i still stand by what i said in my posts, patrick isn't afraid to downgrade a package if he feels it's necessary for the benefit of slackware, i remember redhat had a whole heap of problems because of a core component they upgraded that was not properly tested, however since i can't find the link for it i'll have to put that to the side as hearsay.
    unfortunately i fear the true spirit of linux is being pushed to the side for distros that offer shiny GUIs and lots of programs, i wonder how many know the true state of security for their distro.

    Thanks to everyone who helped out with this release, and especially to the folks at GUS-BR and SlackSec who helped (and continue to help) with handling security issues for the last few months
    http://www.slackware.com/changelog/current.php?cpu=i386
    (right down at the bottom)

    btw patrick said that he's feeling much better and is in much better health, don't forget to follow the changelog for full details of what's going on, details are usually always given there.

  7. #17
    Linux Enthusiast puntmuts
    Join Date
    Dec 2004
    Location
    Republic Banana
    Posts
    562
    Slackware is distributed with buildscripts. So you are able to update your own installation, if you want to and are able to. Most of the times these scripts will work fine with newer / bugfix releases. The point I want to make is that Slackware depends on 1 person and that that 1 person does not do a good job communicating to the users of Slackware. Not a single post on the security mailing list about the lack of updates. You have to gather information on various sources, otherwise you wouldn't have known anything about updates on a different place (GUS-Br) and updates not being released for months after that. Communication about it could have alerted users they had to keep track of those updates themselves on different places.

    I'm not questioning his technical capabilities here, Slackware has an outstanding record in stability and security. Except for the time Pat wasn't able to provide proper security updates. In that period there was a problem with php for example, not solved for many months in any stable Slackware version.

    I was a long time contributing member of the Slackware community since the 7.x versions. But the illness of Pat and the lack of (communication about) updates made me aware of the main weakness of Slackware, the one man show thing.

    So the security of Slackware is not all happiness and let's hope things will go right with the health of Pat and he will start communicating in a more structured way.
    I'm so tired .....
    #200472
