Canonical Developer Warns About Banking With Linux Mint

← Back to Stories (view on slashdot.org)

Canonical Developer Warns About Banking With Linux Mint

Posted by samzenpus on Monday November 18, 2013 @10:30AM from the family-fight dept.

sfcrazy writes "Ubuntu developer Oliver Grawert does not prefer to do online banking with Linux Mint. In the official mailing list of the distribution, Ubuntu developers stated that the popular Ubuntu derivative is a vulnerable system and people shouldn't go for online banking on it. One of the Ubuntu developers, Oliver Grawert, originally pointed out that it is not necessary that security updates from Ubuntu get down to Linux Mint users since changes from X.Org, the kernel, Firefox, the boot-loader, and other core components are blocked from being automatically upgraded." Clement Lefebvre, the Linux Mint project founder, has since made a statement and confirmed that Oliver Grawert seems "more opinionated than knowledgeable" adding "the press blew what he said out of proportion."

17 of 206 comments (clear)

Min score:

Reason:

Sort:

like we needed more ammo by X0563511 · 2013-11-18 10:31 · Score: 4, Insightful

Nice job Oliver - we really needed more ammunition in the Everyone vs Canonical battle.

--
For large sets, this will be our guide even unto death, for the LORD will work for each type of data it is applied to...
1. Re:like we needed more ammo by Eggplant62 · 2013-11-18 11:05 · Score: 4, Insightful
  
  This is the stupidest thing I've ever read. Not only is it a blow to Mint, but to free software in general. I just got done crowing to friends that Linux isn't full of NSA backdoors, and then this pops up on newsfeed. Sheiss.
  I suppose our developer doesn't understand that one can go with slightly more intelligent tools, like apt-get on the CLI, to get those packages upgraded? If so, he's no developer I'd give a shit about.
2. Re:like we needed more ammo by fisted · 2013-11-18 11:06 · Score: 4, Funny
  
  Nice to be on top with LFS, right?
  Wait.. Oh, Hey, we didn't see you guys all the way over there!
  Yours, The BSDs
  
  --
  CLI paste? paste.pr0.tips!
3. Re:like we needed more ammo by exomondo · 2013-11-18 11:20 · Score: 4, Insightful
  
  I suppose our developer doesn't understand that one can go with slightly more intelligent tools, like apt-get on the CLI, to get those packages upgraded? If so, he's no developer I'd give a shit about.
  He likely does, but that's not really the point is it? It's whether the average users know to do this.
Lots of this lately by Anonymous Coward · 2013-11-18 10:39 · Score: 5, Insightful

if you can't say how good your product is. tell everyone how shitty everyone elses product is.
Missing context by Fwipp · 2013-11-18 10:43 · Score: 5, Informative

TFS makes it sounds like it's a long article about how Linux Mint is insecure.
Here's the entirety of his commentary:

Do you think that Linux Mint is a vulnerable system ? Really ?

https://github.com/linuxmint/mintupdate/blob/master/usr/lib/linuxmint/mintUpdate/rules
this is the list of packages it will never update, instead of just
integrating changes properly with the packagaes in the ubuntu archive
they instead suppress doing (security) updates at all for them.
i would say forcefully keeping a vulnerable kernel browser or xorg in
place instead of allowing the provided security updates to be installer
makes it a vulnerable system, yes
i personally wouldn't do online banking with it ;)
ciao
oli
1. Re:Missing context by ttucker · 2013-11-18 10:56 · Score: 4, Insightful
  
  It is a pretty fucking good point too, that list of rules contains update exclusions that certainly would affect security.
2. Re:Missing context by Rob+Simpson · 2013-11-18 14:30 · Score: 5, Informative
  
  Levels 4 and 5 ("unsafe", in that they may cause things to stop working) are not automatically selected when updating - which is fine with me. Video drivers may need to be reinstalled when performing a kernel update, for example. My issue is that they are not visible by default. It's easy to change in the preferences (there are "safe" and "visible" checkmarks for each level, so I have it set up so I can see if there is a kernel update available and select it when I want to install it) but novice users may miss this.
This is why... by sgage · 2013-11-18 10:45 · Score: 5, Insightful

... I don't want anything more to do with Canonical, or Ubuntu, or Mint, or any of that lot. I'm sticking with Debian. I'm sure it has its problems and all, but at least the politics seem to remain mostly internal. These public pissing matches between distros just seem so counter-productive. But since I've been using Linux (1998), it seems to be a constant. Ego issues? I don't know. I don't particularly care. It's just so boring and off-putting.
1. Re:This is why... by jones_supa · 2013-11-18 10:58 · Score: 4, Insightful
  
  I personally am seeing BSDs as an increasingly interesting choice.
2. Re:This is why... by sensei+moreh · 2013-11-18 12:48 · Score: 4, Interesting
  
  Fedora, Mint, Ubuntu. I run all three. Mint for Cinnamon, the other two (with LXDE desktops) because sometimes one just works better than the other. Pissing matches are those who've been drinking too much beer.
  
  --
  Geology - it's not rocket science; it's rock science
Pot and kettle by Anonymous Coward · 2013-11-18 10:47 · Score: 4, Insightful

Why would you want to use a different distro where you don't know what could happen to your personal info;Here at Canonical we build the selling of your private info right into the menu!
Re:+1 Article Troll by squisher · 2013-11-18 10:55 · Score: 5, Informative

While the article may not have very diplomatic wording, the essence is true: I installed Linux Mint about a year ago, and liked it. But I had to switch to a different distribution after a couple of months because there were virtually NO updates coming in at all. I'd say that Ubuntu updates like crazy, but no updates at all in several months makes it very likely that they just don't have enough manpower to provide such a service. And that does make your distribution vulnerable. My experience may be outdated, but I'd bet it's still the same given this article...
Re:+1 Article Troll by wile_e8 · 2013-11-18 11:15 · Score: 5, Informative

Read the statement from Clem in the summary. Linux Mint updates just as fast as Ubuntu on most things, but has certain updates that could potentially crash otherwise stable machines disabled as a default. If you are really concerned about these to avoid vulnerability, they are easy to enable. Nothing about Linux Mint updates are slow after you enable them.
Re:+1 Article Troll by exomondo · 2013-11-18 11:29 · Score: 5, Insightful

The problem is these are labeled Unsafe Packages and Dangerous Packages, now with those descriptions what user is going to say "yes I want those"? It states that these can affect stability, which is true, but leaves out that they could be critical security patches, which is also true.
The real beneficial fix to end users here would be to state the whole truth about these updates.
Canonical Failed? by enter+to+exit · 2013-11-18 11:36 · Score: 4, Interesting

Ubuntu is in a rut. They're not making money, growth is plateauing, it's mindshare is diminishing. It's questionable if they'll ever make a profit. I mean why Ubuntu over Novell, Oracle or RedHat for enterprise stuff? RedHat is a billion dollar publicly listed company..Novell is owned by attachemate group (a billion dollar revenue company) and Oracle poops money.

The Ubuntu Edge was a hail Mary pass that failed. They lack the revenue (and wherewithal) to get into hardware and no hardware maker wants to partner with them.

I have to wonder, when will shuttleworth stop? Would it be extreme to say Canonical is a failed company? At what point is Ubuntu going to transition into a community driven OS? Ubuntu TV is vapourware, their phone OS relies on someone willing flashing their nexus..They've totally fucked their Desktop OS and it's unclear why anyone would select them for enterprise support considering the breadth of their competition.
End of the world? by dshk · 2013-11-18 11:48 · Score: 5, Insightful

We are talking about a short, almost personal comment on the developer's mailing list of Ubuntu:

i personally wouldn't do online banking with it ;)
Compare this with the Slashdot article title:

Canonical Developer Warns About Banking With Linux Mint
Whether he is technically right, or not, I find it disgusting that such a side note becomes news on Slashdot.
By the way, the subject was another new distribution based on Ubuntu, similar to Mint, therefore the Ubuntu developer actually encouraged an Ubuntu derivative.