[ale] [OT] updating, securing OpenOffice, Adobe Reader / Flash

Michael B. Trausch mike at trausch.us
Mon Mar 14 00:12:35 EDT 2011


On Fri, 2011-03-11 at 10:01 -0500, Ron Frazier wrote:
> OpenOffice is now up to version 3.3.  However, my version 3.2 was not 
> updating properly.  When I'd say check for updates, it just failed.  
> When I heard it was at a new rev level, I uninstalled it and installed
> version 3.3.  My Ubuntu version is still at 3.2.  I'm not sure why.  

Ubuntu's policies prohibit major upgrades like that.  That does not mean
that all is lost, however.  They will backport security-related patches
to whatever version(s) are in their repositories for distributions that
are still supported, and so you still receive security updates in that
way.  That said, dpkg has a long way to go before they get this done
efficiently.  A minor security patch that might only be 100 lines of
source changes still requires that you re-download the whole friggin'
package once they've finished a rebuild.  Alas, nothing is perfect.

That also said, I think it is important to note that blindly patching
things can be just as detrimental as patching nothing at all.  I am not
saying audit every single change, but there is a balance somewhere
between patching everything, all the time, and patching nothing at all.
Security patches themselves can introduce security problems, and some
(though few that I can recall) have been known to break backward
compatibility in some cases.  There have been a few security fixes in
Samba that I can recall that have had the effect of breaking backwards
compatibility (though for the ones that I can recall, they were well
worth it).

	--- Mike



More information about the Ale mailing list