mintupdate: please enable security updates of level 4 and 5 by default

  8 years ago

mintupdate has been improved a lot in Mint 17: among other things, security updates for level 4 and 5 packages are now being shown by default. However, they still aren't *enabled* by default.

Security should have priority here: it would be better if those updates would be enabled by default as well. Users should feel secure with the default settings of Linux Mint.

Furthermore, enabling those updates by default would prevent confusion among new Linux Mint users, because it would send a clearer message.
Latest comments
Pjotr 8 years ago

@Hammer459: I see your point, but the instability risk is small. While the security risk could be big. With potentially tremendous impact on people's lives.

I've been using Ubuntu (which doesn't classify updates like Mint) for eight years, and in those eight years I've had only one problem because of a kernel update (in 2006, to be exact). While there were countless security updates in those eight years, some for very severe vulnerabilities, for packages that Mint classifies as 4 or 5.

Yet I believe that Mint is right with excluding *ordinary* updates of level 4 or 5: for those, Mint's way is an improvement. But security updates are something else.

Hammer459 8 years ago

The idea is that they are safer without unverified updates that may destabilize their entire system. With those unverified updates you may introduce new flaws worse than the ones you are fixing. That is why it has to be a conscious act to turn those updates on. In the name of security nothing should be turned on by default if there is even a remote risk that an update makes things worse.
It is now a reasonable balance between the various risks. To alter that balance must be a personal choice.
Just consider how safe the unskilled users would feel if their system suddenly starts acting weird after a level 5 kernel update that messes with their graphics driver, or some such, but it removed a security risk...

Pjotr 8 years ago

@Hammer459: I know, but security should prevail, I think. Especially when the unstability risk is small, like in this case. People should be able to feel safe with their default Linux Mint.

Hammer459 8 years ago

The reason for them not being enabled by default is that they pose a small but actual risk of future instability and thus it is not wise to have that on for everyone.