Trisquel updates.

8 replies
SabirSaleem90
Offline
Joined: 10/03/2021

Hi,

I have been using Trisquel for a year. It is good, but I see it's not updated, and its libraries and packages are too old. Can this cause security issues? If we look at 9.0 LTS, it uses MATE 1.20, which is even vulnerable, as I posted, and all users agreed.

So that means Trisquel's latest version has a vulnerable desktop interface which isn't fixed yet.

See here:

https://trisquel.info/en/forum/trisquel-mate-desktop-vulnerability

Even the KDE Plasma version in the repo is very old and uses KDE Framework 44, which had many bugs in the desktop directory which KDE fixes in their newer KDE Framework versions, affected from KDE Framework 60.

So after much consideration I tried to move on to the latest and most updated GNU distribution, and obviously FSF-endorsed, which is PureOS.

But many people are saying Purism is also a scam, as they are selling the Librem laptop by saying it is libre, but it contains non-free coreboot. So how can we trust any of their products? Even PureOS is also developed by the Purism community, so how can we trust FSF matters?

Please help me, as it is a big question in the Free Software Foundation.

Thank you
Regards:
Sabir Saleem

jxself
Offline
Joined: 09/13/2010

General project policy is to freeze version numbers on release. This is what other distros with long times between stable versions do too (e.g. Debian.) But that doesn't mean bug and security issues don't get addressed. Those can be applied while still keeping the overall version number the same. So the moral of the story is that just because you see that it's MATE 1.20 doesn't mean that it's the *same* MATE 1.20 as what the MATE Project shipped. Or the *same* Linux version 4.15. And etc.

Legimet
Offline
Joined: 12/10/2013

The vulnerability that Sabir is referring to is still present in Ubuntu 18.04 and Trisquel 9, see https://ubuntu.com/security/cve-2018-20681.

lanun
Offline
Joined: 04/01/2021

There have been a few issues reported about the MATE screensaver, some might possibly be related to this bug:

https://trisquel.info/en/project/issues?text=screensaver&projects=&status=Open&priorities=All&categories=All

This vulnerability should be reported for what it is in the issue tracker, it is more than a mere discussion topic.

EDIT: Issue created: https://trisquel.info/en/issues/28553

lanun
Offline
Joined: 04/01/2021

...and fixed. Thanks Ark74.

SabirSaleem90
Offline
Joined: 10/03/2021

Basically, the vulnerability still seems to be present in the current version of Trisquel 9, as I see the version is still not updated.

Anyway, KDE keeps on updating security fixes, but their latest repos are not being added to the Trisquel repo for KDE when we upgrade packages. It's really weird, because every day bugs and vulnerabilities appear in software, and software developers fix them and update their repos, as I am a developer too.

So Trisquel should have all packages updated in order to prevent any vulnerability. Please correct me if I am wrong.

Meanwhile PureOS is updating every few months and years; this seems good.

But many people are saying they are running a scam with the Librem, which they are selling with coreboot, and that even the FSF is endorsing their non-free laptops.

So how can we trust their other products, OS, or anything?

I need a good answer, please.
Thank you

lanun
Offline
Joined: 04/01/2021

To be clear, the issue I opened is not about the way updates generally work in Trisquel.

It is expected that MATE will be version 1.20.x as long as Trisquel 9 will be supported, but such vulnerabilities as the one you mentioned about mate-screensaver are supposed to be patched asap.

By the way, thank you for posting about it. Feel free to add comments in the issue if you think something is missing, but the information you and Legimet provided seems sufficient for the situation to be investigated properly, and addressed.

Legimet
Offline
Joined: 12/10/2013

PureOS isn't different in this respect. It's based on Debian which freezes package versions just like Ubuntu and Trisquel. While these distros all try to backport security fixes, sometimes they forget, as you pointed out with mate-screensaver. If you want the latest version of everything, perhaps you should try Parabola which is a rolling release distro.

Also, I do not think the FSF has endorsed Purism's laptops.

SabirSaleem90
Offline
Joined: 10/03/2021

Yes, Legimet, I see. I will try Parabola in the coming week :)
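
The replies above note that a frozen upstream version such as MATE 1.20 does not show whether a fix like the one for CVE-2018-20681 has been backported; the package changelog is one place to check. The following is an added example, not part of any post in this thread: the function names and the sample changelog with its version strings are constructed for illustration.

```shell
#!/bin/sh
# Print the package revision whose changelog entry mentions a CVE id.
# Usage: cve_fixed_in CVE-ID [changelog-file]   (reads stdin without a file)
# Exit status is 1 when no entry mentions the CVE.
cve_fixed_in() {
    cve=$1
    file=${2:--}
    case $file in
        *.gz) gzip -dc -- "$file" ;;
        -)    cat ;;
        *)    cat -- "$file" ;;
    esac | awk -v cve="$cve" '
        # Entry header: "package (version) distribution; urgency=..."
        /^[a-z0-9][a-z0-9+.-]* \([^)]+\) / {
            ver = $2; gsub(/[()]/, "", ver); next
        }
        # Entries are listed newest first, so the last match is the
        # revision in which the fix was first recorded.
        index($0, cve) && ver != "" { hit = ver }
        END { if (hit == "") exit 1; print hit }
    '
}

# Constructed changelog: the upstream version stays 1.20.0 throughout,
# only the distribution revision changes when the fix is backported.
sample_changelog() {
    cat <<'EOF'
mate-screensaver (1.20.0-1example3) example; urgency=medium

  * Refresh translations.

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2024 00:00:00 +0000

mate-screensaver (1.20.0-1example2) example; urgency=high

  * Backport upstream fix for CVE-2018-20681.

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2024 00:00:00 +0000

mate-screensaver (1.20.0-1) unstable; urgency=medium

  * New upstream release.

 -- Example Maintainer <maint@example.org>  Mon, 01 Jan 2024 00:00:00 +0000
EOF
}
```

On an installed system the same function can be pointed at `/usr/share/doc/mate-screensaver/changelog.Debian.gz` and the result compared with the installed revision using `dpkg --compare-versions`. A changelog that does not name the CVE is not proof that the package is unpatched, so the distribution's security tracker remains the reference.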