Linux Mint may start pushing high-priority patches to users

Community Linux distributions are easygoing with updates and patches. Yes, they’d like you to update, but they don’t insist on it. Now, though, the popular Linux Mint distribution has had enough of people running out-of-date distributions and programs. In the future, Mint’s Update Manager may “insist” you make important security updates.  

ZDNet Recommends

The best cyber insurance

The cyber insurance industry is likely to go mainstream and is a simple cost of doing business. Here are a few options to consider.

Read More

This all started because Mint’s maintainers found many Mint users were not keeping their software up-to-date. Mint researchers found less than a third of its users updated their web browser within a week of a new version’s release, and as many as 30% of users may still be still running Linux Mint 17.x. That specific distribution hasn’t been supported since April 2019. This, in turn, meant they haven’t received security updates for close to two years. 

Yes, Linux tends to be more secure than other operating systems, but that doesn’t mean there have been no serious security bugs. For example, a decade-old sudo bug has recently been patched, and the ancient — but always troublesome — memory addressing tool set_fs() was finally removed. As lead Mint maintainer Clement “Clem” Lefebvre wrote, you must update not just because an outdated system is vulnerable, “it is known to be vulnerable.”

Besides, Update Manager doesn’t just patch Linux bugs, it also updates and patches all software on your Linux system. So, for example, when you update Linux Mint, you’re also updating the default Firefox web browser. 

It’s not like it’s hard to do either. Clem said: “Linux Mint comes with one of the best update managers available. It’s very easy to use, it’s configurable, and it shows a lot of information.” He’s right. “All you need to do is use it.”

Unfortunately, even after warning users that they need to keep their Mint systems up to date, people still aren’t doing it. 

Why? Clem explained in a note: “Many users think updates should be applied but don’t do it often, either because they haven’t gotten around to automate the process, or they thought they’d do it often but they don’t, or for some, they even got used of that little orange dot in their system tray and don’t really pay attention to it anymore. Giving these users a reminder after a while is something they might appreciate, they’re the people we’re doing this for.”

Therefore, Mint developers are working on Update Manager improvements. Besides looking for available updates, the Manager will also track cases where updates are overlooked. This will include metrics on when updates were last applied; when were packages last upgraded; and how many days have passed since a particular update was made available. 

Armed with this data, “in some cases, the Update Manager will be able to remind you to apply updates. In a few of them, it might even insist.”

The developers don’t want to get in your way. As Clem wrote, “We have key principles at Linux Mint. One of them is that this is your computer, not ours.” 

This also means that this data won’t be sent to the Linux Mint organization. Clem explained, “Under no circumstances will the data be sent anywhere.” Instead, the Update Manager only keeps the data it needs to make sure you’re at least looking at available patches. If you are, it then deletes the local data. 

At the same time, they don’t want users continuing to run potentially dangerously out-of-date setups. So, at this point, “We’re still forming strategies and deciding when and how the manager should make itself more visible so it’s too soon to speak about these aspects and get into the details which probably interest you the most here. So far we worked on making the manager smarter and giving it more information and more metrics to look at.”

Eventually, Mint may be more aggressive about insisting you secure your system, but for now, its developers are trying to strike a balance between keeping users safe and not annoying them. Stay tuned for more developments.

Related Stories:

READ MORE HERE