SlackwareThis Forum is for the discussion of Slackware Linux.
Notices
Welcome to LinuxQuestions.org, a friendly and active Linux Community.
You are currently viewing LQ as a guest. By joining our community you will have the ability to post topics, receive our newsletter, use the advanced search, subscribe to threads and access many other special features. Registration is quick, simple and absolutely free. Join our community today!
Note that registered members see fewer ads, and ContentLink is completely disabled once you log in.
If you have any problems with the registration process or your account login, please contact us. If you need to reset your password, click here.
Having a problem logging in? Please visit this page to clear all LQ-related cookies.
Get a virtual cloud desktop with the Linux distro that you want in less than five minutes with Shells! With over 10 pre-installed distros to choose from, the worry-free installation life is here! Whether you are a digital nomad or just looking for flexibility, Shells can put your Linux machine on the device that you want to use.
Exclusive for LQ members, get up to 45% off per month. Click here for more info.
Like i said, just because pat built it does not mean it is not stable.
i have maybe 20 files sitting in ~/packages. They are just as stable as if pat had built them.
There is more to a package being stable than the single instance that it was built. It also involves ongoing support, and that is where official Slackware packages really show their difference. Now, a person can certainly build their own packages and keep them promptly supported by following all the associated security notices, vulnerability fixes, and system conflict resolutions, then download the relevant patches, and upgrade the impacted applications and/or libraries, thereby keeping their system stable and secure. However, even if they do this, they may often not be aware of related issues which could impact the stability of analogous packages, and these types of instances are often mentioned in the Slackware changelogs. The problem is that most will never be that diligent in their system management. As demonstrated, official Slackware packages are fully supported to the extent mentioned above for at least four years, and that includes all the KDE packages. I have yet to see anyone show that the same is true for the Gnome flavors being discussed.
This does not mean that the Gnome packages are not quality builds, and I am certainly not advocating that they should be avoided. As mentioned earlier, I in fact use the FRG packages on my own system. But, it is equally important to recognize why it is often more desirable to keep as many of the official Slackware packages as possible on your box if you are not planning on being as watchful as Pat when it comes to package maintenance. I fear that many users would not even bother with finding out what these package replacements are, much less realize that unless they frequently turn their desktop over, these unofficial packages won't be updated with security and system fixes for the same duration and extent as the established Slackware builds.
quite possibly a "moot" point, IMHO, as it seems to always devolve into this type of thing. (Please note I said "quite possibly" and noted it was MHO here)
The Dropline GNOME devs are getting close to a release of 2.14.x in the VERY near future. Here are some screenshots of the latest 'n' greatest:
Gosh, I didn't mean to cause arguments with this thread.
But anyway, thanks for all the responses, it has been very helpful. Since the horror stories about dropline wrecking things are unfounded I'm almost certainly going to be getting dropline but before I make my mind up once and for all (I've been playing around with alternate enviros at the moment) can anyone tell me if usb automounting works in freerock? I've seen a couple of mentions that it does in dropline but I don't remember anything saying it does in freerock.
Gosh, I didn't mean to cause arguments with this thread.
Most arguments are the result of people speaking on topics that they either don't understand but pretend to anyway, or (much worse) firmly believe they understand but in reality have an incredible lack of knowledge on the subject. Naturally, there is going to be some backlash as steps are taken to correct such erroneous information. Please do not let this discourage you or cause you to feel that you are in any way responsible. The best thing that can happen is that topics get hashed about, and it is usually the case that in the end the community is better educated.
Way to contribute nothing to a thread but insults to the people who you disagree with!
I'd say, quite confidently, that most arguments are caused by people who believe two different things, and those two beliefs are contradictory.
Like i said, Dropline does not have a policy that far fetched. Bugs that are in gnome get fixed in new releases, new releases that you really have no reason to not upgrade to, just as in KDE.
According to the changelog, for slackware 10.2, there have been 2 serious security problems with KDE since Pat's last upgrade, that have not been patched at all. Looking at slackware 9.0, there have been more than 20 serious security problems with KDE that have not been patched by pat. All of which affect slackware 9.0, none of which have been patched.
Again, nothing different from dropline, or freerock for that matter, or any other operating system, even commercial operating systems.
Things like Sendmail do get updated. And guess what? You can use those with dropline, but things like KDE do not get updated nearly as often as they could, just as gnome doesn't in Freerock/dropline/gware. The only difference is, when i am using Dropline gnome, i know I have every single update possible for Gnome 2.12, adn when 2.14 is released officially, i will get every update for 2.14 that comes out.
Last edited by liquidtenmilion; 04-21-2006 at 11:00 PM.
Gosh, I didn't mean to cause arguments with this thread.
But anyway, thanks for all the responses, it has been very helpful. Since the horror stories about dropline wrecking things are unfounded I'm almost certainly going to be getting dropline but before I make my mind up once and for all (I've been playing around with alternate enviros at the moment) can anyone tell me if usb automounting works in freerock? I've seen a couple of mentions that it does in dropline but I don't remember anything saying it does in freerock.
HAL support should work in all three. I believe that in the case of Freerock, you will need to manually install some fixes for udev. We've been including our own udev pack in Dropline since GNOME 2.12.0 for this very reason. I believe that Gware started doing this as well, but I'm unsure. Either way, with little or no TLC, automounting should work on any of the three. If FRG and Gware don't include their own Udev, then I believe that they will offer some documentation on how to fix it manually.
According to the changelog, for slackware 10.2, there have been 2 serious security problems with KDE since Pat's last upgrade, that have not been patched at all. Looking at slackware 9.0, there have been more than 20 serious security problems with KDE that have not been patched by pat. All of which affect slackware 9.0, none of which have been patched.
Please link directly to the security issue notice you are referring to in KDE. Based on what I _think_ you are talking about, these don't even apply to the official Slackware packages, but you could be of assistance by being more explicit. Start with the ones you refer to for 10.2 and post the direct link (not the summary recap page). Be sure to read the 'Systems Affected' line as this is important in determining exactly what environments are included in the notice. Let's look at the two issues you mention that impact 10.2 before moving any further.
Did you even read any of the security advisories? It is quite clear that many of them have 3.1.3 affected, which is what 9.0 uses.
Here is one right here http://www.kde.org/info/security/adv...20050815-1.txt. It affects 9.0's kde, but it has never been patched according to the changelog. You have to upgrade to kde 3.4.2 in order to have a fix. In other words, if you are using KDE, but you are not using slackware 10.2, your system can never be patched. Sounds familiar? It's no different from a gnome 2.10 having a security issue that 2.12 doesn't have.
Here is one right here http://www.kde.org/info/security/adv...20050815-1.txt. It affects 9.0's kde, but it has never been patched according to the changelog. You have to upgrade to kde 3.4.2 in order to have a fix.
If an upgrade is required to 3.4.2 to fix the issue, then obviously it can only be expected that (1) users will decide on their own whether or not the vulnerability is to the extent they would desire to upgrade their environment, and (2) that the applicable versioned packages would be patched and made secure.
You will see here that Pat did provide the 3.4.2 fix (see changelog):
Tue Aug 30 13:01:43 PDT 2005
kde/kdeedu-3.4.2-i486-2.tgz: Fixed a minor /tmp bug in kvoctrain.
(* Security fix *)
Quote:
Originally Posted by liquidtenmilion
Did you even read any of the security advisories?
Yes, I did read through some of them, and you will note that in a number of my previous posts I directly linked to the fixes that Pat provided to the official Slackware packages. Many of the other issues which are referenced in the KDE security notices do not affect the Slackware builds due to the nature of the libraries that are vulnerable. This is why I asked for specific examples that you have already sorted through and feel were not properly fixed in Slackware. To date, no such examples have been provided that would qualify.
LinuxQuestions.org is looking for people interested in writing
Editorials, Articles, Reviews, and more. If you'd like to contribute
content, let us know.