Find the answer to your Linux question:
Page 1 of 2 1 2 LastLast
Results 1 to 10 of 17
I've read several times in the forums that some don't like Slackware because of "lack of security updates". This seems odd for a distro that prides itself and speed, stability ...
Enjoy an ad free experience by logging in. Not a member yet? Register.
  1. #1
    Just Joined!
    Join Date
    Mar 2005
    Location
    Oklahoma
    Posts
    38

    Slackware Security Updates?


    I've read several times in the forums that some don't like Slackware because of "lack of security updates". This seems odd for a distro that prides itself and speed, stability and security.

    Could someone in the know please explain this to me a bit?

  2. #2
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    in simple they're talking a load of rubbish, while slackware may not offer a system to incorperate all the patches and fixes etc from an automatic update tool, they still offer all the security updates on their own, -you- have to decide which ones you need.
    http://www.slackware.com/security/li...ecurity&y=2004

    all of the updates that are made get incorperated with new releases, to receive security announcements, most slackware users either use the security mailing list or follow the slackware-current changelog, and then there's the question of how many updates it actually needs.
    as i've said before, slackware is fully tested and modified as needed -before- an official release, it uses only stable packages and stable kernels that have been fully tested and modified appropriately. it's for this reason gnome has been dropped as it took up too much time, and the default kernel is still 2.4, not 2.6, although it does offer it in testing.

    if, in patricks words, -most- of the bug reports he receives are about gnome, then it's safe to say that the majority of bugs are not slackware related. this isn't a distro that chucks all the latest stuff in and then irons things out as it goes along.
    most program related problems get left to the project to sort out, where something that effects one program version may not effect a newer one, it's also the reason slackware is not a home for orphaned software.

  3. #3
    Just Joined!
    Join Date
    Mar 2005
    Location
    Oklahoma
    Posts
    38
    That's (pretty much) what I thought. I am on the Slackware security mailing list and have only recieved one update (php) since I joined. I also subscribe to the Linux security mailing list and get notices all the time about the other major distros, never any about Slack.

    Thank you, Krendoshazin. You have (once again) provided exactly the information I was looking for. Cheers!

  4. $spacer_open
    $spacer_close
  5. #4
    Linux User Krendoshazin's Avatar
    Join Date
    Feb 2005
    Location
    London, England
    Posts
    471
    you're welcome

  6. #5
    Linux Enthusiast puntmuts's Avatar
    Join Date
    Dec 2004
    Location
    Republic Banana
    Posts
    562
    Quote Originally Posted by Krendoshazin
    in simple they're talking a load of rubbish, while slackware may not offer a system to incorperate all the patches and fixes etc from an automatic update tool, they still offer all the security updates on their own, -you- have to decide which ones you need.
    http://www.slackware.com/security/li...ecurity&y=2004

    all of the updates that are made get incorperated with new releases, to receive security announcements, most slackware users either use the security mailing list or follow the slackware-current changelog, and then there's the question of how many updates it actually needs.
    as i've said before, slackware is fully tested and modified as needed -before- an official release, it uses only stable packages and stable kernels that have been fully tested and modified appropriately. it's for this reason gnome has been dropped as it took up too much time, and the default kernel is still 2.4, not 2.6, although it does offer it in testing.

    if, in patricks words, -most- of the bug reports he receives are about gnome, then it's safe to say that the majority of bugs are not slackware related. this isn't a distro that chucks all the latest stuff in and then irons things out as it goes along.
    most program related problems get left to the project to sort out, where something that effects one program version may not effect a newer one, it's also the reason slackware is not a home for orphaned software.
    Very nice, but how is it related to the topicstart ? What replies is the topicstarter talking about. I can image some, but won't go speculate about it. In the recent past there were major problems regarding the availability of security updates for several months and some older Slackware versions were dropped without any notice (Slackware 9.1/10.0).
    I\'m so tired .....
    #200472

  7. #6
    Just Joined!
    Join Date
    Mar 2005
    Location
    Oklahoma
    Posts
    38
    Quote Originally Posted by puntmuts
    Very nice, but how is it related to the topicstart ? What replies is the topicstarter talking about. I can image some, but won't go speculate about it. In the recent past there were major problems regarding the availability of security updates for several months and some older Slackware versions were dropped without any notice (Slackware 9.1/10.0).
    The original post was actually seeking an answer to why some say that "Pat stopped releasing security updates". I keep my Slackware current and get the new changelog *almost* daily. So, I guess the real question is: "If I keep my system current and follow the changelog should I worry that Slack isn't releasing securtity updates as they should?"

    But any information on Slackware and security issues past or present would be welcome.

    I wonder; did those problems occur when Pat was knocking on death's door?

  8. #7
    Linux Enthusiast puntmuts's Avatar
    Join Date
    Dec 2004
    Location
    Republic Banana
    Posts
    562
    It probably has to do with his health problems. But the main problem here is that Slackware is basicly a one man show. Pat = Slackware and Slackware = Pat. So if something happens to the man, there will be problems with Slackware. We did see that last year when security updates were expected and not released.

    After a while he decided to communicate about his health problems and arranged a replacement for security updates for the time being. That was GUS-BR and there were non official others as well.

    They all stopped when Patrick announced he was back again and taking over the security part. But after that we had to wait months before any security fix appeared, the older fixes released by others were not merged. So that left me with an unsupported 9.1 and 10.0 box.

    Then 10.1 was released and some month ago we did see the first 10.1 security releases. They were hardly in time and I'm not sure if and when other security related fixes will be released, or released in time. Looks to me as too much risk for a server which is online 24/7.

    My major concerns in this matter are:
    - unsure if and when security updates will be released and for what versions of Slackware
    - the lack of communication about dropping older releases (including 10.0)

    I waited months before I wiped Slackware off my machines. Some things have to change before I will start using Slackware again. Communication is probably the most important one.
    I\'m so tired .....
    #200472

  9. #8
    Just Joined!
    Join Date
    Mar 2005
    Location
    Oklahoma
    Posts
    38
    Now we're getting somewhere.

    Thank you, puntmuts. That also, is the type of information I am seeking.

    Seems I read something from Pat about his take on security updates; but I don't remember well enough to go into it. I need to see if I can find that article.

  10. #9
    Linux Enthusiast puntmuts's Avatar
    Join Date
    Dec 2004
    Location
    Republic Banana
    Posts
    562
    A lot of the communication is in the changelog.txt of the 10.1 release:
    http://slackware.com/changelog/stable.php?cpu=i386

    But I did read some raw IRC log on OSNews, where Pat was online and talked about his condition and the future of Slackware. There were some articles on OSNews as well IIRC .
    I\'m so tired .....
    #200472

  11. #10
    Just Joined!
    Join Date
    Mar 2005
    Location
    Oklahoma
    Posts
    38
    Yeah, I found a quite lengthy post by Pat on his and Slackware's condition dated Thu Jan 13 22:50:33 PST 2005 at Unix Forums here:http://www.unix.com/archive/index.php/t-16764.html

    I shall check OSNews. Im sure I saw an article/interview in which he discussed the security updates issue. I'll find it again. Just not tonight.

Page 1 of 2 1 2 LastLast

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •