Getting online this morning was in interesting experience, seemingly some news sites picked up a two week old post to a mailing list thread from me to turn it into something that generates revenue for them …

… intrestingly even though the original post was linked in all of these articles, people seem to be more intrested in the interpretation of the reporters of the sites than to read the actual thread, putting potential words from Canonical into my mouth that i didn’t ever say.

I must say I find that pretty offending to me as an individual … yes, I do work for Canonical (still happily since nearly 9 years now and I love what I do and plan to go on to do so …) but please allow me to have my own mind and opinions, not everything an Ubuntu developer says is coordinated by Canonical, even if this statement might trash you conspiracy theories … (oh, and not every Ubuntu developer works for Canonical … unlike some people might want you to think, the Ubuntu dev community is healthy and happily chuggin along, with the new Ubuntu Touch community vibrantly growing)

What I wrote was my own personal opinion (that was actually the reason to use the word “personally” in my sentece about home banking, but I am not a native english speaker, so I might have misunderstood its meaning for all these years)

What I also did was to point to code evidence that shows that Linux Mint supresses security updates for certain software in its default setup … while it might be true that it is configurable and that it is only disabled for certain packages out of the box, this is still an evident fact and can be seen in the code, there is nothing to argue or discuss about (and as I learned now it seems to be part of the Mint philosophy since security updates seem to have caused them instabilities in the past)

Indeed I couldn’t keep my feet still and made the mistake to actually read comments on the different articles …

“He fears losing his job and needs to stir up stuff” … dude … after such a long time in an opensource company and getting headhunter offers regulary, you dont have to worry for your job … what I’m actually worried about is the undeserved badmouthing of Ubuntu based on FUD. Ubuntu is more than Canonical or its decisions, please don’t discredit the work of many many contributors out there … if you want to attack Canonical, do it, but pretty please take into account that Ubuntu is more than Canonical … Oh, and the stirring up part … I can tell you it isn’t any pleasure to be in focus like that for a side statement you made weeks ago …

“He wants to badmouth Linux Mint because they steal users from Ubuntu” … I seriously don’t care if users use Ubuntu, Xubuntu, Mint or elementaryOS, in fact it makes me proud to know they base on work I participated in (note that I maintained one of the first derivative distros of Ubuntu (edubuntu) for about two years nearly on my own) derivatives (and the work they feed back into the Ubuntu archive) are a big part of the Ubuntu ecosystem, why would any sane developer badmouth them ?

A big thanks to OMGUbuntu for fixing their headline … which initially suggested that I “advised” users to not use Mint because it is vulnerable, I never did, I just stated that I personally would not use it for online banking since I know they dont install all available security updates by default …

Seriously, I HATE raisins, I would never eat a cheesecake that contains raisins … did I ask anyone to not eat raisins or did I propose to stop producing them in the former sentence ? no, obviously I didnt … and I dont want the raisin farmers go jobless just because I dont like their product … why people did read something like this into my words in the mail that was quoted is really beyond me …

So lets see if we can get something constructive out of all this, obviously would I be a debian developer that had posted to some debian ML nobody would have picked it up … but since this trivial statement has drawn so much attention we can probably both benefit from it…

Clement Lefebvre’s statement

To me PERSONALLY suppressing any available security updates is a no-go and while Clem points out that it is configurable in Mint, I don’t belive my Mom or my sister would get along with that, they would just use the default. Which would leave them obviously vulnerable with some packages (wether the vulnerabilities are exploited or not, there are open security holes in your system after all) … obviously the practice to suppress these updates stems from bad experience with using Ubuntu provided security updates …

Hey Clem ! … so how about we take a look at this and improve that situation for you, obviously something in Ubuntu doesn’t work like you need it, Canonical puts a lot of time and money into improving the QA since about two years. I think it would be really helpful to sit down and look if we can improve it well enough for both of us to benefit (Ubuntu from your feedback and you from improvements we can do to the package quality) … wether you still want to suppress updating any packages or not even after we fixed the issue for you, is indeed your choice, but please dear press allow me to also still not use Mint for online banking then 😉

Quotes from the comments section in the above page:

… “Maybe it is time to re-evaluate whether security updates should be held back by default. Ubuntu have made steps to avoid regressions such as Phased Updates.” …

Clem: … “I’d be happy to have that discussion and look at the pros and cons post Mint16 release. It’s not a reaction to a particular incident though, it’s a difference in policy. We actually built the tools that would allow us not to make it trivial for people to apply changes blindly. There’s pros and cons to it, and that’s why it’s configurable.” …

So hey, as much out of bounds these press posts were for such a non-issue, it apparently caused some discussions and will possibly improve the situation for all of us in the end …

Oh, and btw … many people missed the actually interesting part in the mail thread … having Mate in debian and Ubuntu will definitely reduce the maintenance work for Mint since they can just pull it in from the respective archives (and it might bring Ubuntu another new derivative distro)