It’s never a particularly tasty task having to write a news article on something that you know is going to cause headache and upset in the wider community.
Earlier today I had to grin and bear it as I did just that in an article relaying comments made by Canonical engineer Oliver Grawert in which he branded Linux Mint a “‘vulnerable’ system” due to the way the distro provides security updates to users.
Tl;dr: they don’t. (At least, not automatically.)
A Canonical developer highlighting security concerns with another distro might sound like pure click bait on paper, but in practice it has important ramifications for users. Security is important, even on a platform that most perceive as invincible.
‘To put my own Top Trumps cards on the table, I was unaware that Mint held back security updates…’
Whether you agreed with Oliver’s take on Mint’s approach or not, his comments were worth relaying. These weren’t made by someone with an axe to grind.. They were informed by his esteemed position as an Ubuntu engineer. He knows what he’s talking about. Whether correct or misplaced, his comments have resulted in positive discussions about how security update practices should be handled.
To put my own Top Trump™ cards on the table, I was unaware that Mint held back security updates for packages like Xorg and the Linux Kernel. So, at the very least, this mini-furore – borne largely out of knee-jerk reaction to the comments rather than their content in intent – has served a purpose.
Linux Mint head-honco Clement Lefebvre has since responded to the remarks, saying that he and his team of developers are “very happy with the filtering system” for security updates in Mint.
” We explained why the Ubuntu update policy was not good enough for us and we consequently developed the update manager to solve that particular problem.
Firefox doesn’t come to you later in Mint than it does in Ubuntu (it’s a level 2 update).
Yes, by default you get updates in Ubuntu for kernels and Xorg and not in Mint. Yes, there’s a very good reason for that.”
While Lefebvre doesn’t expand on precisely what that “very good reason” is, the general consensus on the web seems to be that Kernel and Xorg updates are held back because of the stability and performance issues that sometimes arise after upgrading.
Which, in many ways, is understandable.
Linux Mint don’t prevent their users from installing these updates but they are not enabled by default.
For further information on Linux Mint’s approach to security refer to the following blog post.