You are not logged in.

Pages: 1

#1 2008-10-01 03:29:49

BKJ
Member
Registered: 2008-09-19
Posts: 71

In General?

Hello arch n00b here (2-3 moths now).  I was wondering about how fast security issues are resolved on the norm in arch?  For instance, how long does it normally take for a package like firefox (from extra) to get updated and released into the wild?  I come from using FC and was quit pleased with its security updates/notification mail lists etc... However, I got tired of the yearly reinstalls which lead me to arch after trying gentoo.  I see a few posts in the forums and a few wiki docs discussing the possibility of an arch security mail list etc... but then they never seem to pan out and hence my question. 

PS - I am really liking arch by the way... but wireless is poo poo!

Offline

#2 2008-10-01 05:17:08

somedrew
Member
From: Canada
Registered: 2007-05-14
Posts: 140

Re: In General?

Due to the rolling release system and philosophy of Arch, a dedicated security team and repo isn't really practical. Instead, when a security flaw is detected in an upstream package, once upstream releases a fix, the new package will be available when the Arch maintainer has a chance to package it (think Debian Sid vs. Stable).
cheers,

Last edited by somedrew (2008-10-01 05:19:21)

Offline

#3 2008-10-01 06:17:10

BKJ
Member
Registered: 2008-09-19
Posts: 71

Re: In General?

OK, thanks for the info.  Works for me for now as I can use a different browser for the time being.  I was just hoping for a better answer then, "When the maintainer has a chance..."  I understand they have lives as well.  I do appreciate their time and effort in providing those updates and a great OS like Arch!  smile

Offline

#4 2008-10-01 14:45:09

Cyrusm
Member
From: Bozeman, MT
Registered: 2007-11-15
Posts: 1,053

Re: In General?

just as a comment, I think the maintainers do a wonderful job with security fixes, especially on the vital programs such as web browsers (i.e. firefox). after all, the maintainers are also USING these packages, and are therefore just as concerned about security issues as any other user.
that's the beauty of the bleeding-edge rolling release system, updates come faster than with most other distros.

also, BKJ, welcome to Arch!

Hofstadter's Law:
           It always takes longer than you expect, even when you take into account Hofstadter's Law.

Offline

#5 2008-10-01 14:50:33

lucke
Member
From: Poland
Registered: 2004-11-30
Posts: 4,018

Re: In General?

What's wrong with wireless? It should work as in any other distro.

Offline

#6 2008-10-01 14:57:29

tigrmesh
IRC Op
From: Florida, US
Registered: 2007-12-11
Posts: 794

Re: In General?

Arch's strengths are in its package management and that it's rolling release.  Security is not a major focus of the developers.  If the speed of Arch's security updates is not fast enough for you, you need to monitor security sites yourself (you can update packages using ABS http://wiki.archlinux.org/index.php/ABS).  I suspect that Arch user security efforts have fizzled because those people have moved on to distros where the developers have more of a security focus.

Offline

#7 2008-10-01 18:44:59

BKJ
Member
Registered: 2008-09-19
Posts: 71

Re: In General?

Cyrsum:
I don't know about faster most of the other distros have already released fixes for the recent Firefox issues (at least RHEL/CentOS/FC)...  But I get what you are tring to say as a general rule.  I have been tracking a few Security releated items in Arch and they do seem to get updated (at some point) its just that someone needs to flag the item as outdated so that the maintainer gets notified.  A couple are Amarok which was patched and MPlayer (still unpatched) which has a recent vulnerability (a few days old at this point).  I am just used to other distros releasing fixes w/o me having to be a security guru and constanlantly on the lookout.  But then again those others are not as fast as Arch and are nothing but bloat.

Lucke:
See this thread (http://bbs.archlinux.org/viewtopic.php?id=55318) as these are my issues... Basic inet surfing and the like work but still have issues with wireless under arch...

Tigrmesh:
Yes, I am aware of AUR but in the Firefox case just updating to FF 3.0.3 is not enough there are underlying packages (xulrunner, etc) that need to be updated as well to remedy the vulnerability, so AUR is not always the solution.  Also, I would have to agree with you on the fizzled part. I  am a security conscious user and try and keep all my boxes updated.  I maybe one of those Arch users who does leave Arch for that reason, but only time will tell as I am very pleased with Arch at the moment and I am willing to bend a little on security.

Thanks for all you replies!

Offline

#8 2008-10-01 19:23:12

tigrmesh
IRC Op
From: Florida, US
Registered: 2007-12-11
Posts: 794

Re: In General?

@BKJ - This may help:  http://dev.archlinux.org/~hugo/sheriff/.  More information on it is available here:  http://archlinux.org/pipermail/arch-gen … 18555.html.

Offline

#9 2008-10-01 19:34:55

BKJ
Member
Registered: 2008-09-19
Posts: 71

Re: In General?

Tigrmesh:

Hooorah... That is what I am talking about.  Nice and congrats to those who have taken the time to give the "Arch Sheriff" the love it needs... smile

Works for me and has been added to bookmarks....  Hopefully, this project will stay a float and become the norm.

Thanks for the links!

Offline

Pages: 1

Board footer

Powered by FluxBB