20131128-3 选题两个一对儿的呼应文章

2025-03-21 02:10:11 +08:00 · 2013-11-28 14:09:55 +08:00 · 2013-11-28 14:09:55 +08:00 · 9b0ae4a2de
commit 9b0ae4a2de
parent 2dc45d1b48
2 changed files with 89 additions and 0 deletions
--- a/sources/Canonical
+++ b/sources/Canonical
@ -0,0 +1,44 @@
+Canonical Dev Calls Linux Mint ‘Vulnerable’, Wouldn’t Use it For Online Banking
+================================================================================
+> Linux Mint has since responded to the comments by Oliver Grawert. [You can read them here][1].
+
+**Users of the popular Ubuntu-based operating system Linux Mint should not use it for online banking, a Canonical [engineer has advised][2].**
+
+Mint’s decision to prevent packages with known security issues from updating – from the kernel and browser to the boot-loader and Xorg display server – leaves its users with a “vulnerable system”, says *Oliver Grawert*.
+
+> “Instead of just integrating changes properly with the packages in the ubuntu archive they instead suppress doing (security) updates at all for them. i would say forcefully keeping a vulnerable kernel browser or xorg in place instead of allowing the provided security updates to be installer makes it a vulnerable system, (sic)”. 
+> 
+> “I personally wouldn’t do online banking with it.”
+
+Grawert certainly isn’t alone in considering Mint a sub-par choice for the security conscious. Mozilla contributor and former Ubuntu member Benjamin **Kerensa* feels the same:**
+
+> “It is unclear why Linux Mint disables all of their security updates. I can say that it took them many months to get a fixed version of Firefox packaged while Ubuntu and Debian had already had security fixes in their package.
+> 
+> This puts Linux Mint users at risk and is one of the key reasons I never suggest Linux Mint to anyone as an alternative to Ubuntu.”
+
+Oliver Grawert is no fly-by-night contributor. As one of Canonical’s Ubuntu Engineering bods he’s better placed than most to know what he’s talking about.
+
+> ‘But are Mint users in actual risk? Yes and no…’
+
+But are Mint users in actual risk?
+
+Yes and no. The majority of security “holes” (for want of a better word) of the kind present in the packages that Mint’s developers steadfastly refuse to update are both documented and known, but rarely exploited by those of a nefarious breed. As such the “actual threat” posed to users remains, at least for now, largely a theoretical one.
+
+That’s to say that there are no known incidents of identify theft or worse resulting from use of Mint (or any other Ubuntu-based distribution with unpatched packages) through any of the exploits referenced by Grawert on the Ubuntu Dev Mailing List.
+
+But just because no-one has entered through the window left ajar thus far, isn’t to say someone won’t ever do it.
+
+**After seeing Ubuntu given a long and sustained kicking about its own (largely theoretical) privacy issues, it will be interesting to see if, now the boot is placed firmly on the other foot, the vehement concern for users’ wellbeing will extend to other distributions. **
+
+Notice: We reached out to Linux Mint for comment & clarification but received no reply.
+
+--------------------------------------------------------------------------------
+
+via: http://www.omgubuntu.co.uk/2013/11/canonical-dev-dont-use-linux-mint-online-banking-unsecure
+
+译者：[译者ID](https://github.com/译者ID) 校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
+
+[1]:这个地址在发布的时候填写成“Linux Mint Respond to Ubuntu Developer’s ‘Vulnerable’ Claim”这篇文章的发布的地址
+[2]:https://lists.ubuntu.com/archives/ubuntu-devel-discuss/2013-November/014770.html
--- a/sources/Linux
+++ b/sources/Linux
@ -0,0 +1,45 @@
+Linux Mint Respond to Ubuntu Developer’s ‘Vulnerable’ Claim
+================================================================================
+**It’s never a particularly tasty task having to write a news article on something that you know is going to cause headache and upset in the wider community.**
+
+Earlier today I had to grin and bear it as I did just that in an article relaying comments made by Canonical engineer Oliver Grawert in which he branded Linux Mint a “‘vulnerable’ system” due to the way the distro provides security updates to users.
+
+*Tl;dr: they don’t. (At least, not automatically.)*
+
+A Canonical developer highlighting security concerns with another distro might sound like pure click bait on paper, but in practice it has important ramifications for users. Security is important, even on a platform that most perceive as invincible.
+
+> ‘To put my own Top Trumps cards on the table, I was unaware that Mint held back security updates…’
+
+Whether you agreed with Oliver’s take on Mint’s approach or not, **his comments were worth relaying**. These weren’t made by someone with an axe to grind.. They were informed by his esteemed position as an Ubuntu engineer. He knows what he’s talking about. Whether correct or misplaced, his comments have resulted in positive discussions about how security update practices should be handled.
+
+To put my own Top *Trump™* cards on the table, I was unaware that Mint held back security updates for packages like Xorg and the Linux Kernel. So, at the very least, this mini-furore – borne largely out of knee-jerk reaction to the comments rather than their content in intent – has served a purpose.
+
+### Mint Respond ###
+
+Linux Mint head-honco Clement Lefebvre has since responded to the remarks, saying that he and his team of developers are “very happy with the filtering system” for security updates in Mint.
+
+> ” We explained why the Ubuntu update policy was not good enough for us and we consequently developed the update manager to solve that particular problem.
+> 
+> Firefox doesn’t come to you later in Mint than it does in Ubuntu (it’s a level 2 update).
+> 
+> Yes, by default you get updates in Ubuntu for kernels and Xorg and not in Mint. Yes, there’s a very good reason for that.”
+
+While Lefebvre doesn’t expand on precisely what that “very good reason” is, the general consensus on the web seems to be that Kernel and Xorg updates are held back because of the stability and performance issues that sometimes arise after upgrading.
+
+Which, in many ways, is understandable.
+
+Linux Mint don’t prevent their users from installing these updates but they are not enabled by default.
+
+For further information on Linux Mint’s approach to security refer to the following blog post.
+
+- [Linux Mint – Security Vs Stability][1]
+
+--------------------------------------------------------------------------------
+
+via: http://www.omgubuntu.co.uk/2013/11/linux-mint-responds-ubuntu-developers-security-claims
+
+译者：[译者ID](https://github.com/译者ID) 校对：[校对者ID](https://github.com/校对者ID)
+
+本文由 [LCTT](https://github.com/LCTT/TranslateProject) 原创翻译，[Linux中国](http://linux.cn/) 荣誉推出
+
+[1]:http://segfault.linuxmint.com/2013/11/answering-controversy-stability-vs-security-is-something-you-configure/