The Trisquel7's autoupdate program crashes or do nothing. It finds something,
but won't update. So, update through Synaptic or Console, are working.
To the maintainers: thanks for the updates, much appreciated !
Same here. Switching to different mirrors doesn't make a difference.
Same problem here. :-(
It's been maybe about a week that I haven't had any software updates either.
Here's the content of "cat /etc/apt/sources.list":
# deb http://archive.trisquel.info/trisquel/ belenos main
# deb http://archive.trisquel.info/trisquel/ belenos-updates main
# deb http://archive.trisquel.info/trisquel
I have successfully run GuixSD *live USB* in QEMU once. Although I'm not
doing so currently due to the fact that my computer's five years old
disk drive malfunctioned only due to its age.
Can you please tell me what are you using to run GuixSD in QEMU? If
you're using a command line, which one?
All I will say is that if they want more developers, making it as easy as
possible to take part is ideal. At the moment I can't even run Guix in Qemu,
let alone install it on my computer, so it's a real pain.
Perhaps there is no basic graphical installer for GuixSD because there's
lack of workers there?
At any rate, I have been noticing that some projects are starting to
integrate built-in updates or package manages on their resulting
software, or are stuffing/bundling things from other projects into
It's just impossible to install for me. Something always goes
catastrophically wrong and and I can't make it work in a VM.
Why there isn't a basic graphical installer is a question I cannot answer.
I really like the idea of switching to GuixSD as well, but I am concerned it
might be too early to really use. :/
You're right, sorry, they came out on the same day.
The difference between Tor Browser and IceCat is that Tor Browser is getting
security updates while IceCat has seized to, so, IceCat is late while Tor
Browser is prompt.
Are you sure? I read both Normal and ESR came out on March 8.
https://en.wikipedia.org/wiki/Firefox_release_history#Firefox_45_ESR
I wouldn't regard the original release date of v45 as an indication of how
late the browsers were to upgrade.
They are only late so long as they are not on an
Version 45 came out as a normal stable release in March.
However, it was not an ESR then. I wouldn't regard the original release date
of v45 as an indication of how late the browsers were to upgrade.
They are only late so long as they are not on an officially supported
version. So they are
You posted a link saying that TorBB went to version 45 on May 30 (at least
the article is on that date).
And version 45 came out on March 8, according to this:
https://en.wikipedia.org/wiki/Firefox_release_history#Firefox_45_ESR).
That's roughly 3 months.
June 7 is the EOL of version 38.8.0
> True, but since it's comparable to the time it took for TorBB (at least for
now), it seems reasonable.
I don't know where you got this information from at all. Tor updated the
stable release to the latest version of Firefox ESR within days, and they had
had it in the experimental release
True, but since it's comparable to the time it took for TorBB (at least for
now), it seems reasonable.
Of course it depends on when future updates will come up, but for now it
seems reasonable to me, taking into account the time it takes to properly dig
through the code.
I've read Ubuntu
June 7 was 21 days ago.
So actually not as safe.
I personally can use a different browser without too much troubles since I'm
starting to know my way around the OS.
It's about the average users, not me: there's no way this type of users would
fix it by themselves.
About Tor, well then between April 26 (last v38 update) and And May 30, it's
Version 38.8.0 was the last release of Firefox ESR in the 38.x series, and
after that Firefox 38.x became EOL. Firefox ESR has now switched to 45.x.
The stable Tor Browser switched to 45.x just after it was released. Looking
at the Tor blog, Tor Browser 6.0 was released on the 30th May 2016:
I tried #FSF, they told me I better try the softwares mailing lists. What is
that? I'm supposed to simply send a mail?
Like for IceCat: bug-gnuzi...@gnu.org
For Abrowser I have no idea, it's not in the FSF directory.
I can't seem to find info about it yet, besides it being an unbranded
Firefox will manage its own updates independently of your system’s package
manager, an download subsequent releases. There will be no need to repeat the
whole “procedure”… Enjoy Firefox!
Thanks for the info. It's probably the easiest and simplest fix on the list.
Reading this, I see it
Pardon my ignorance, but this seems to be a very easy quick grandma-friendly
fix:
http://libre-software.net/how-to-install-firefox-on-ubuntu-linux-mint/
am I missing an obvious reason why it wouldn't be secure or why a new user
would have problems following the simple directions?
It seems
I find ESR more interesting because I don't have to care about it for at
least 10 months.
Personally, the less time I spend tweaking or maintaining my OS, the better.
I know, I've spent an insane amount of time lately just to have a lightweight
but functional OS. But hopefully I'm nearly
Use the one from Ubuntu. ESR does not have any security advantages as it is
designed just to be stable, which is why Tor Browser uses it.
If you don't trust Canonical that is a reason to build from source. I largely
do but you never know.
At any rate the option is there and really easy: you
True, I mean I don't want this issue to be associated with the usual
persistent complaints about aesthetics or user-friendliness or the latest
packages. This is critical because it's about security updates regarding a
vulnerable and exposed program.
There are options indeed, but that means that Trisquel isn't enough by
default. And since I recommend it around me, that's problematic. Not for my
reputation, but for their security.
Just do what any self-respecting neckbeard would do: use Lynx.
Pointing out that your browser hasn't received security updates for 6 months
is all but "bitching"..
I don't have answers yet from IRC, but I found this interesting (unfortunate,
but interesting):
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox/
https://www.mozilla.org/en-US/security/known-vulnerabilities/firefox-esr/
These completely concern our Abrowser version.
That's
mine mentioned the right version too. it's just that Synaptic didn't, for
some reason.
I'm on IRC as hack2, I made my point about the browsers update, but nobody's
there yet.
I see -_-" ...
*Ahem* so then the latest update I have about abrowser is from November 10
2015. it says version 41.0.2,
while abrowser --version in the CLI gives me 44.0.2.
Either way, both are dangerously outdated.
It's not search but install/update/remove history.
Thanks for the .desktop file tip. It's useful for also launching scripts I
suppose. And to pre-configure a launch with parameters, like with Firejail
(thanks SuperTramp83).
Thanks for this.
That would mean I'd have to do this every 4 months or so, just to be
up-to-date?
Because I can't find the ESR (version 45).
I only found this, provided I did a proper search:
http://packages.ubuntu.com/trusty/web/firefox
OTOH, Debian has it (an is in https):
Thanks, then I'll ask him on IRC.
For now, I'll probably try one of the suggestions about installing Firefox.
That's how I found the search history I talk about above, but there seems to
be no update history or version history in Synaptic.
> Best to use the package from Ubuntu as Debian and Ubuntu sometimes have
slightly different versions of libraries.
It's not "sometimes", it's "usually".
Enable ccache, use an SSD, and set it to do two jobs (one for each core) at
once.
I tried to build Firefox from source on my LIbertyBSD Intel Atom. After about
three--four hours I called it a day and cancelled. It can take a long time to
build Firefox.
Best to use the package from Ubuntu as Debian and Ubuntu sometimes have
slightly different versions of libraries. Even better, build the deb package
from source if you don't want to trust Canonical.
There's a deb package available.
https://packages.debian.org/jessie/firefox-esr
Download it from Firefox website then add a .desktop file in /usr/local/bin
which launches the software. Alternatively, use Midori or something else.
It's under File > History.
For those wanting to use other free system distribution: try GuixSD.
It's rolling release *but*:
* Let's you keep various versions of the same package.
* Eases the process of building your own packages and sharing them with
others.
** In spite of the above, the build process is made to be
Oh, so it has nothing to do with Trisquel, but with the specific programs
devs? Then logically, these programs shouldn't be relied on as the main
browsers. But maybe the alternatives aren't better.
Then besides Tor, what would be another alternative, in your opinion?
Would a Debian package
I can understand, but isn't that a priority over many other things? To me,
the browser is one of the more "fragile" programs, the more prone to attacks.
Exactly. It should be a priority but from what I can tell the developers of
IceCat and Abrowser don't have much time. Therefore they fall behind.
I see, so ESR is clearly the way to go, unless wanting the latest feature (I
personally don't care). By the way, Icecat may be ESR, but I just noticed
it's unsupported since 3 months ago.
The devs seem to be available on IRC, I suppose I'll go ask them about all
this.
Thanks. /var/log I could find, though I only found a search history in
Synaptic (which is still a nice discovery).
Debian used to choose a version of Firefox (not ESR) and keep it for the
entire duration of the release, so had to backport security fixes to that
version. However it was too much work. Now they just use upstream Firefox
ESR.
Could you expand just a bit on Debian not backporting security fixes on ESR?
I thought that was the point of ESR (which I barely new it existed yesterday,
might I add).
So Firefox 44 was out in early February
(https://en.wikipedia.org/wiki/Firefox_versions#Version_44).
It's been nearly 6
Not a mistake. They probably just don't have enough time. It is no excuse but
that is probably why there are no updates. Of course they could be too lazy
but I doubt it is anything malicious. It shows you why there are no
guarantees.
Thanks for the heads up. I've never used a rolling release distro before but
I've heard these stories before. I guess what they say about the bleeding
edge is true.
I think you can check the logs.
https://trisquel.info/en/forum/how-do-i-list-last-installed-updates
Synaptic has a history tab somewhere.
I definitely agree.
I find strange that the maintainer(s) would do such a mistake continuously.
Are you sure there's no missing info on this issue?
I remember seeing Abrowser being part of the updates a few "months" ago.
Is there a way to see the update history of a program?
The last fully free distro I used was parabola. It was fine until a broken
update to OpenSSL completely trashed my system. I couldn't browse the
internet, I couldn't install updates, and I couldn't even revert to an older
version of OpenSSL. I still don't know what cause it to happen (but
It's a volunteer effort so no guarantees. I never saw the appeal of these
derivatives over Firefox other than ideological purity. I don't think
ideological purity should be at the expense of security updates, as long as I
can use a system with libre software alone. I am thinking of switching
Yep, I made the switch last night and successfully updated.
Thanks. Does it happen often? Or, how long has it been left not updated?
Thanks.
Basically, ESR or not, at some point it's time to upgrade, because the
security fixes are not backported from the latest version anymore,if I
understand.
This is definitely not right.
I'd rather have the money spent on this instead.
The browser is one of the weakest links, so this
IceCat and Abrowser don't apply their own security patches. They track
Firefox Extended Support Release, except when they don't, and aren't up to
date. Like, er, now.
Don't use the US mirror. Use archive.trisquel.info without the us in front.
That was before the Firefox rapid release, when Debian/Ubuntu backported
security patches to the version of Firefox they were using. Now all distros
either use the latest version, or a supported ESR version. Debian uses the
ESR version, but no longer backports security fixes, so once the
In that other thread, it is said that Abrowser's version in Trisquel 7 is
outdated.
But according to this, it isn't a problem regarding support
(https://trisquel.info/fr/forum/icecat-default-browser#comment-3375).
> Web Browser 3.5? Why should Trisquel users have to get an outdated
version
I'm planning to install Debian testing (main only, of course) one of these
days. Because of the vulnerable Abrowser, and because I need newer versions
of some packages (for which I downloaded the .debs from Debian). I also like
Parabola.
Which of the free distros do you have experience with?
I'll probably leave Trisquel as well but I'd rather move to a free distro
than an optionally free distro. That would make it so much simpler to answer
people who ask which distro I'm using. :)
I think Parabola is where I'm going next.
Unfortunately, you are very right about this. :-( In the long run, I might do
the same.
# Trisquel repositories for supported software and updates
deb http://us.archive.trisquel.info/trisquel/ belenos main
deb-src http://us.archive.trisquel.info/trisquel/ belenos main
deb http://us.archive.trisquel.info/trisquel/ belenos-security main
deb-src
As much as I love fully free distros, I'm thinking of switching to debian and
just not enabling nonfree repos. It seems every fully free distro is
consistently teetering on the brink of being left unsupported.
You're right, there seems to be an issue with the US mirror. I switched to
the main server and it's now updating normally.
I'm glad you asked this, as I've noticed the same thing. Here's the output of
my /etc/apt/sources.list
# deb http://us.archive.trisquel.info/trisquel/ belenos main
# deb http://us.archive.trisquel.info/trisquel/ belenos-updates main
# deb http://archive.trisquel.info/trisquel belenos-security
> I'm worried that I'm open to security vulnerabilities.
You are.
https://trisquel.info/en/forum/abrowser-version-trisquel-6
(the problem is apparently also in trisquel 7)
I think it's been a month or two since I've had any software updates
available on my machine. Absolutely nothing is available for upgrade after
running apt-get update and apt-get upgrade. Has this happened to anyone
else? Have Trisquel repos been frozen in advance of Trisquel 8?
I'm
73 matches
Mail list logo