Quickness of security updates - too slow to fix important software in a timely manner?
- Inicie sesión o regístrese para enviar comentarios
Hello
As much as I like the idea behind trisquel there is one major concern I'd like to address: security updates
It seems that security updates take a long time to show up. For example: the recent firefox version is 31.3 esr. It fixes three critical security problems and was released on the 25.11.2014. Until today (06. December 2014) this update is not available for trisquels icecat. Debian released it on 03. December 2014.
So I wonder how safe the users really are using trisquel and browsing the web. Given the importance of these fixes the question is: what is the lesser of the two problems - using another distro which might not be free in terms of the gnu philosophy but fixes security problems in time or using trisquel with open holes? Please keep in mind that these problems might affect other and maybe more critical software that is used in trisquel (kernel, ssl etc.) - though I cannot say how the update process is for these.
Is this a known problem to the devs? Are there any plans to reduce problems like that.
You're comparing two different issues, software freedom and security. 100% free distros will always be better than those that provide less because, even if the distro itself is slow at providing updates, people that want those updates can compile and install them themselves while retaining their 100% freedom status. However, the new infastructure that was discussed elsewhere will hopefully help with this because it will automatically compile things... but things often fail to compile from source and need some work, so it won't eliminate work being needed but hopefully it'll help... especially if people take a more active role in helping with the distro, since anyone's able to get an account and start working on stuff.
With some exceptions (when there's been a beta in progress) Trisquel security fixes have arrived within a few days of upstream release. The new automated build system which is in alpha should shorten this delay in all circumstances where no new Trisquel code changes have to be made. It should also fix the delay hiccups we've had in the last two betas as well.
In the case of GNU Icecat, Trisquel GNU Icecat is at the same level as the upstream release. Quidam is also maintainer of GNU Icecat, so ask him for an ETA either as per the Icecat page https://www.gnu.org/software/gnuzilla/ or find him as quidam on #trisquel at freenode.
Abrowser is on a pretty new version, I think.
GNU Icecat is always a little behind- Abrowser is usually hot on the trail of Mozilla, however.
I am a translator!
Firefox 34 --- december 1
Abrowser 34 ----december 5
what's the fuzz about?
p.s - abrowser with a few about:config tweaks and a handful of addons is as secure as icecat. Use it!!
- Inicie sesión o regístrese para enviar comentarios