LinuxQuestions.org
Visit Jeremy's Blog.
Go Back   LinuxQuestions.org > Forums > Linux Forums > Linux - Security
User Name
Password
Linux - Security This forum is for all security related questions.
Questions, tips, system compromises, firewalls, etc. are all included here.

Notices


Reply
  Search this Thread
Old 02-06-2017, 04:14 AM   #1
eronis
LQ Newbie
 
Registered: May 2014
Location: Samsun/Turkey
Distribution: Fedora
Posts: 8

Rep: Reputation: Disabled
Question How safe is Ubuntu ?


You know, Ubuntu support is confusing. When I write ubuntu-support-status, it keeps telling me I have unsupported packages on 16.04. I regularly do update. I've learned Canonical leave these packages to focus on development. But I think it's dangerous. If package is not being maintained anymore then it's a security flaw. Even on mailing list (IRC) people explained me Ubuntu support stuff but it seemed a bit annoying for me because it seemed I was right to worry.

How secure is Ubuntu compared to Arch, Fedora, openSUSE or Debian like other distros ?

Note: Yeah, I've Googled it first many times and I've seen lots of similar questions on Google but most people asked wrong question or some people gave irrevelant answers so I felt like to ask it for myself.I couldn't get a good answer for my question. Please, I just want your opinion about it.

Last edited by eronis; 02-06-2017 at 04:15 AM.
 
Old 02-06-2017, 06:17 AM   #2
snowday
Senior Member
 
Registered: Feb 2009
Posts: 4,667

Rep: Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409
Do you have a specific concern about a specific package? That might be a good starting point for a conversation.

Generally speaking, Ubuntu has an excellent reputation for security and is widely used in business, science, education, government, etc. Here are some good resources to start learning about security in Ubuntu: https://ubuntuforums.org/showthread.php?t=510812

Any specific questions, i.e. specific threats that concern you, or specific packages that you are looking for instructions to bring up-to-date?
 
1 members found this post helpful.
Old 02-06-2017, 06:45 AM   #3
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Code:
ubuntu-support-status
...
You have 22 packages (4.2%) that are unsupported
and around 19.04 (the next LTS release) we'll have or should have zero.

Something wrong?
Are they packages you installed?
 
Old 02-06-2017, 07:09 AM   #4
eronis
LQ Newbie
 
Registered: May 2014
Location: Samsun/Turkey
Distribution: Fedora
Posts: 8

Original Poster
Rep: Reputation: Disabled
Quote:
Originally Posted by snowpine View Post
Do you have a specific concern about a specific package? That might be a good starting point for a conversation.

Generally speaking, Ubuntu has an excellent reputation for security and is widely used in business, science, education, government, etc. Here are some good resources to start learning about security in Ubuntu: https://ubuntuforums.org/showthread.php?t=510812

Any specific questions, i.e. specific threats that concern you, or specific packages that you are looking for instructions to bring up-to-date?
No, I don't have a specific package in my mind. I'm talking system wide security. I've checked from my mom's laptop and felt stupid;

Unsupported packages;
Gstreamer, libavcodecs, unrar, ttf-mscorefonts, unity-tweak, compizconfig, ubuntu-restricted like :/

I guess this is because of legal issues, right ?
 
Old 02-06-2017, 08:23 AM   #5
sundialsvcs
LQ Guru
 
Registered: Feb 2004
Location: SE Tennessee, USA
Distribution: Gentoo, LFS
Posts: 9,078
Blog Entries: 4

Rep: Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187Reputation: 3187
A package might be old, therefore "unsupported," and still work just fine. (ttf-mscorefonts is a great example, because it consists of TrueType™ Fonts!)

You need to do a little research to see if any security vulnerabilities have been reported in the packages that you use. If there is a more recent version of any package then it's probably a good idea to upgrade to it.
 
Old 02-06-2017, 08:49 AM   #6
hortageno
Member
 
Registered: Aug 2015
Distribution: Ubuntu 16.04 LTS
Posts: 236

Rep: Reputation: 65
I think "sudo ubuntu-support-status --show-unsupported" reports all packages installed through a 3rd party repository. My system is up-to-date and the command reports mariadb-* mythtv-* and so on as unsupported. Most, if not all of them, are installed through a PPA.
 
Old 02-06-2017, 10:29 AM   #7
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Code:
cat /etc/lsb-release
output please.

The "restricted" is a fair and reasonable deduction.
+1
tho' not all packages fall into that category?

Last edited by Habitual; 02-06-2017 at 10:32 AM.
 
Old 02-06-2017, 11:44 AM   #8
snowday
Senior Member
 
Registered: Feb 2009
Posts: 4,667

Rep: Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409Reputation: 1409
Quote:
Originally Posted by eronis View Post
No, I don't have a specific package in my mind. I'm talking system wide security. I've checked from my mom's laptop and felt stupid;

Unsupported packages;
Gstreamer, libavcodecs, unrar, ttf-mscorefonts, unity-tweak, compizconfig, ubuntu-restricted like :/

I guess this is because of legal issues, right ?
For any package, you can use 'apt-cache policy' to learn more. For example:

Code:
apt-cache policy ttf-mscorefonts-installer
By default, Ubuntu only installs software from the Main repository of Canonical-supported open source application. Because open source is all about freedom, the user is free to install unsupported software from other repositories including Universe, Restricted, Multiverse, and various third-party PPAs. I bet if you do an 'apt-cache policy' for each of the packages you mentioned, you will see they don't come from the Canonical-supported Main repository, they come from some other repository, and that is why they are showing as unsupported. For example Microsoft fonts, why should Canonical list that as "supported" by them when it is a closed source proprietary Microsoft product provided as-is?

More info here about Ubuntu repositories: https://help.ubuntu.com/community/Repositories/Ubuntu

Last edited by snowday; 02-06-2017 at 12:25 PM.
 
1 members found this post helpful.
Old 02-06-2017, 03:25 PM   #9
eronis
LQ Newbie
 
Registered: May 2014
Location: Samsun/Turkey
Distribution: Fedora
Posts: 8

Original Poster
Rep: Reputation: Disabled
Thanks for your attention/information. My mind is clear now and I got all answers I wanted. Thanks for great support, have a nice day
 
Old 02-06-2017, 05:17 PM   #10
Habitual
LQ Veteran
 
Registered: Jan 2011
Location: Abingdon, VA
Distribution: Catalina
Posts: 9,374
Blog Entries: 37

Rep: Reputation: Disabled
Go TeamLQ!
 
1 members found this post helpful.
  


Reply


Thread Tools Search this Thread
Search this Thread:

Advanced Search

Posting Rules
You may not post new threads
You may not post replies
You may not post attachments
You may not edit your posts

BB code is On
Smilies are On
[IMG] code is Off
HTML code is Off



Similar Threads
Thread Thread Starter Forum Replies Last Post
Is, cz.archive.ubuntu.com, a safe repository ? NewbieMark Ubuntu 1 05-31-2014 09:12 AM
ubuntu 9.04 fglrx upgrade = safe? chickenlinux Linux - Newbie 8 06-16-2009 12:02 AM
LXer: Safe Surfing With Ubuntu LXer Syndicated Linux News 1 12-19-2008 03:58 AM
Safe ubuntu tweak? Mr.Carioca Ubuntu 5 09-14-2008 11:53 PM
SSH and SFTP with Ubuntu 6.06. Safe? Micro420 Linux - Security 2 08-27-2006 09:55 PM

LinuxQuestions.org > Forums > Linux Forums > Linux - Security

All times are GMT -5. The time now is 04:55 AM.

Main Menu
Advertisement
My LQ
Write for LQ
LinuxQuestions.org is looking for people interested in writing Editorials, Articles, Reviews, and more. If you'd like to contribute content, let us know.
Main Menu
Syndicate
RSS1  Latest Threads
RSS1  LQ News
Twitter: @linuxquestions
Open Source Consulting | Domain Registration