How long does a given version of Slackware have security support?
SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
You also have to remember that just because a security update comes available for a package doesn't mean it will be immediately deployed. Packages (especially for an OS like GNU OS) require testing to ensure they are stable enough for mass deployment across the spectrum of distributions supported. This isn't just a Slackware or Linux thing, it's a universal OS thing. If you are a Windows, OS-X, GNU BSD, or a GNU Linux administrator, you just don't drop in a new package out to deploy without thoroughly testing it.
If anything Patrick and the Slackware team thoroughly test everything before deploying it. That's why Slackware-current (both x32 and x64) exists as a testing ground and why the Slackware mailing list and Linuxquestions.org exists.
But lastly you also have to remember this... the GNU Linux OS is a customizable OS. It's up to you mostly to administrate and monitor your own systems. If you find a security update before Patrick does, don't simply rely on Patrick to do everything for you. Download, compile, and install the update yourself.
Click here to see the post LQ members have rated as the most helpful post in this thread.
I am not sure about very long security support for old versions. or at least not for all packages. an example:
slackware 13.1 comes with mozilla-firefox 3.6.x ... latest 3.6.x mozilla-firefox version with all patches is 3.6.21 but the latest mozilla-firefox version in slackware is 3.6.19. and I am talking about 13.1 and that is previous version which was the newest one until few months ago.
I would recommend not to rely only on official updates. I am following slackware security list but I am also updating firefox, thunderbird and a few other applications manually to avoid waiting.
I am not sure about very long security support for old versions. or at least not for all packages. an example:
slackware 13.1 comes with mozilla-firefox 3.6.x ... latest 3.6.x mozilla-firefox version with all patches is 3.6.21 but the latest mozilla-firefox version in slackware is 3.6.19. and I am talking about 13.1 and that is previous version which was the newest one until few months ago.
I would recommend not to rely only on official updates. I am following slackware security list but I am also updating firefox, thunderbird and a few other applications manually to avoid waiting.
You failed to show the many updates between 3.6.3 to 3.6.19. There were several updates between the minors that are major software changes, so why not replace to a valid secure package.
You can look at the security logs to see the progression and change notes.
I disagree with your statement about not relying on official updates. Some individuals do not have the means nor desire to follow upstream updates.
BTW, security for Slackware is covered back too version 8.1. through '-current'. Some users do not always use current versions of Slackware.
If it ain't broke don't fix it!
You failed to show the many updates between 3.6.3 to 3.6.19. There were several updates between the minors that are major software changes, so why not replace to a valid secure package.
that is correct. 3.6.16 , .17 or .18 were there. 3.6.19 too. but 3.6.20 or 3.6.21 not. that is a fact. and 3.6.20 and 3.6.21 are security updates and not feature updates.
Quote:
I disagree with your statement about not relying on official updates.
I did not say not to rely but not to rely ONLY on official updates.
Quote:
Some individuals do not have the means nor desire to follow upstream updates.
To clarify a bit. Some users do not follow software changes for applications like mozilla-firefox(upstream) but rely on Slackware's team to provide necessary changes. Both for security and feature changes, some users rely on the team to provide packages.
That is true for reliance for official Slackware packages to insure there are no problems for a user.
that is true even for me in some cases but whether a user choose to follow software changes has nothing to do that with a fact that slackware repository does not have security patches or an updated version of a "bad" application.
but there might be a good explanation (which I missed) for not providing updates for mozilla-firefox package.
that is true even for me in some cases but whether a user choose to follow software changes has nothing to do that with a fact that slackware repository does not have security patches or an updated version of a "bad" application.
but there might be a good explanation (which I missed) for not providing updates for mozilla-firefox package.
Security updates are provided via the '/patches' directory for your version at a favorite mirror. You my friend do not have a clue as to where, how & why the Slackware team provides security patches or updates. If you sign up for security announcements via Mailing Liststhen you will get notification(s). Another option is to follow '-current' changelog to track changes but the best and easiest is via the mailing list.
EDIT: PV & team do not always provide or make changes to upstream software. Packages that are working with the version will sometimes remain the same. Therefor tracking upstream is sometimes provided by notification(s) from users to PV & team. PV will decide if the changes are justifiable.
Last edited by onebuck; 09-06-2011 at 10:44 AM.
Reason: add note for upstream
Hi
Security updates are provided via the '/patches' directory for your version at a favorite mirror. You my friend do not have a clue as to where, how & why the Slackware team provides security patches or updates. If you sign up for security announcements via Mailing Liststhen you will get notification(s). Another option is to follow '-current' changelog to track changes but the best and easiest is via the mailing list.
EDIT: PV & team do not always provide or make changes to upstream software. Packages that are working with the version will sometimes remain the same. Therefor tracking upstream is sometimes provided by notification(s) from users to PV & team. PV will decide if the changes are justifiable.
I do not see what is actually your problem with my statement. I just said that users should not only rely on official patches but also look directly in applications. mozilla-firefox is/was a good example for missing some security patches. you are defending without any concrete explanation ("PV decides" is not an explanation) the fact that FF package was not patched and I see no reason why.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.