December 22nd, 2016

Dear CIO: Linux Mint Encourages Users to Keep System Up-to-Date

Regardless of what you may have read elsewhere, the Linux Mint team takes security very seriously and wants you to keep your system up-to-date.

Swapnil Bhartiya gets it wrong.

Let me start by pointing out that Bhartiya is not only a capable open source writer, he’s also a friend. Another also: he knows better. That’s why the article he just wrote for CIO completely confounds me. Methinks he jumped the gun and didn’t think it through before he hit the keyboard.

The article ran with the headline Linux Mint, please stop discouraging users from upgrading. In it, he jumps on Mint’s lead developer Clement Lefebvre’s warning against unnecessary upgrades to Linux Mint.

The sage advice Lefebvre offers, and which prompts Bhartiya’s tirade is: “If it ain’t broke, don’t fix it.”

“You might want to upgrade to 18.1 because some bug that annoys you is fixed or because you want to get some of the new features. In any case, you should know why you’re upgrading. As excited as we are about 18.1, upgrading blindly for the sake of running the latest version does not make much sense, especially if you’re already happy and everything is working perfectly.”

Let me paraphrase what Lefebvre is saying: As long as you’re using a supported version of Mint, careful consideration should be made before upgrading to the latest and greatest — especially if you’re a new user who might be apt to lose data in the process.

This is good advice, and most of us who don’t have the disease of insisting on having the latest-and-greatest of everything, usually follow it — whether we’ve read Mr. Lefebvre’s personal advice on the subject or not.

Example: Until I swapped out an aging desktop here at FOSS Force a few weeks back, we had been running Mint 17.0. “Qiana” Xfce edition, which was the latest and greatest when we put the desktop in service. Since then, there have been three new Mint Xfce releases, but we haven’t bothered to upgrade to newer versions. Why? With Qiana fully supported until 2019, there was no reason to bother.

The keyword expression here is “fully supported,” which is where my friend Bhartiya made a complete left turn and goes into his tirade about the need to keep a system patched for security vulnerabilities, while wrongly shaming the Mint team for suggesting otherwise.

“A few days ago there was a bug in Ubuntu apport that allows anyone to hijack Ubuntu based systems, including Linux Mint. There was another 0-day bug in Ubuntu and Fedora that compromised a system. Every month we come across new vulnerabilities in Linux that are patched by the kernel community or the upstream projects immediately. However, I have never seen any vulnerability reports on the Linux Mint site. “I am not sure if Linux Mint users really keep an eye on such bug reports. You can’t really keep up with them unless it’s a focus area for you. “Security is not an ‘If it ain’t broke, don’t fix it’ problem.”

Nope. It’s not. And that’s absolutely not what Lefebvre meant when he suggested, again, that you might want to think twice before upgrading to a new version of the distro when the one you’re using is already supported.

Obviously, Bhartiya is confusing “upgrading” with “updating.”

Linux Mint takes updating your system, both for the latest security patches and bug fixes as well as to keep your system up-to-date with the latest versions of your software, very seriously. So seriously, in fact, that the Update Manager is constantly on display, alongside information about the Internet connection and time-and-date.

The update manager icon switches from being grayed-out to blue when updates are available. On the new-to-us machine I’m using to write this article, running Mint 18.0, the Update Manager is currently indicating updates are available. If I pause the cursor over the icon, it notifies me that “5 recommended updates available,” as well as indicating the download size for the updates at 8MB. Clicking on the icon brings up the manager, with a list of uninstalled updates. All that’s necessary from here is to click “Install Updates,” supply a user password when prompted, and the system does the rest.

By design, Linux Mint does not update automatically, and that’s how it should be — most Linux users don’t want anything automatically installed on their computers. And indeed, new users should be instructed on the importance of keeping their system up-to-date and taught to take a gander at the Update Manager icon at least once a day or so to see if anything needs installing.

But to suggest that the Mint crew is putting its users at risk merely by suggesting they might want to think twice before installing the distro’s latest and greatest when the version they’re using is fully supported is very unfair — and misinterprets the point being made.

Related