Slashdot Mirror

← Back to Stories (view on slashdot.org)

Canonical Developer Warns About Banking With Linux Mint

Posted by samzenpus on from the family-fight dept.

sfcrazy writes "Ubuntu developer Oliver Grawert does not prefer to do online banking with Linux Mint. In the official mailing list of the distribution, Ubuntu developers stated that the popular Ubuntu derivative is a vulnerable system and people shouldn't go for online banking on it. One of the Ubuntu developers, Oliver Grawert, originally pointed out that it is not necessary that security updates from Ubuntu get down to Linux Mint users since changes from X.Org, the kernel, Firefox, the boot-loader, and other core components are blocked from being automatically upgraded." Clement Lefebvre, the Linux Mint project founder, has since made a statement and confirmed that Oliver Grawert seems "more opinionated than knowledgeable" adding "the press blew what he said out of proportion."

10 of 206 comments (clear)

  1. Missing context by Fwipp · · Score: 5, Informative

    TFS makes it sounds like it's a long article about how Linux Mint is insecure.

    Here's the entirety of his commentary:

    Do you think that Linux Mint is a vulnerable system ? Really ?

    https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/rules

    this is the list of packages it will never update, instead of just
    integrating changes properly with the packagaes in the ubuntu archive
    they instead suppress doing (security) updates at all for them.

    i would say forcefully keeping a vulnerable kernel browser or xorg in
    place instead of allowing the provided security updates to be installer
    makes it a vulnerable system, yes

    i personally wouldn't do online banking with it ;)

    ciao
            oli

    1. Re:Missing context by Rob+Simpson · · Score: 5, Informative

      Levels 4 and 5 ("unsafe", in that they may cause things to stop working) are not automatically selected when updating - which is fine with me. Video drivers may need to be reinstalled when performing a kernel update, for example. My issue is that they are not visible by default. It's easy to change in the preferences (there are "safe" and "visible" checkmarks for each level, so I have it set up so I can see if there is a kernel update available and select it when I want to install it) but novice users may miss this.

  2. +1 Article Troll by ADRA · · Score: 3, Informative

    And nothing of value was lost.

    --
    Bye!
    1. Re:+1 Article Troll by squisher · · Score: 5, Informative

      While the article may not have very diplomatic wording, the essence is true: I installed Linux Mint about a year ago, and liked it. But I had to switch to a different distribution after a couple of months because there were virtually NO updates coming in at all. I'd say that Ubuntu updates like crazy, but no updates at all in several months makes it very likely that they just don't have enough manpower to provide such a service. And that does make your distribution vulnerable. My experience may be outdated, but I'd bet it's still the same given this article...

    2. Re:+1 Article Troll by boristhespider · · Score: 3, Informative

      I don't use Mint anymore myself - chiefly because my normal laptop died and Fedora plays more happily with Macbook's twisted form of EFI, and also partly because I spent so long administering Red Hat and then Fedora Core boxes that Fedora comes more naturally to me - but my anecdotal evidence is different. I didn't see Mint updating slowly at all. I can't say I paid much attention to kernel updates, but other patches came through as regularly as on any other distribution.

      For constant kernel updates and the attendent fun wondering if *this* is the update that will break your wifi or graphics support, nothing beats Fedora.

      Disclaimer for those taking Slashdot a bit too seriously: Fedora's constant kernel updates have only twice broken my wifi or graphics support, and that's chiefly because of a small latency in the drivers being updated that I wouldn't have noticed had I just waited about twenty minutes. It is irritating plugging the damn machine into the router again (they live in different rooms, and I'm no fan of trailing metre after metre of cable around), but that's the price you pay for updating without thinking.

    3. Re:+1 Article Troll by wile_e8 · · Score: 5, Informative

      Read the statement from Clem in the summary. Linux Mint updates just as fast as Ubuntu on most things, but has certain updates that could potentially crash otherwise stable machines disabled as a default. If you are really concerned about these to avoid vulnerability, they are easy to enable. Nothing about Linux Mint updates are slow after you enable them.

  3. Somewhat FUD apparently by jones_supa · · Score: 3, Informative

    I found this interesting Google+ post from the Muktware article comments.

  4. Mint runs xhost + by Anonymous Coward · · Score: 2, Informative

    Mint has no security. They intentionally run with access control disabled on the X server (xhost +). Keyloggers and screen scrapers are trivial in this case. Bugs have been filed about this, but Mint considers it working as designed.

  5. Re:like we needed more ammo by ifiwereasculptor · · Score: 3, Informative

    LFS isn't a branch, it's more akin to the root. Or maybe a book on growing branches, designed for trees. Which is more accurate but kind of wrecks the metaphor.

  6. Re:This is why... by Windwraith · · Score: 3, Informative

    Seeing the originating comment is pretty much a harmless comment made on an Ubuntu mailing list, I think you are being misled by the flamebaiting article wording.

    All the guy said accounts to "this is a list of packages it won't update by default. I don't consider those choices very safe". How is this even newsworthy? And not only slashdot, other sites are making way too much of it.
    Also, notice this post so rich in Canonical evil ending with a ";)", I mean come on. This is news as much as somebody posting "lol ps4 sucks" on twitter.