From: blade.vp2...@gmail.com Subject: Re: [Trisquel-users] Where are all the security updates? Date: Fri, 19 Sep 2014 14:16:24 +0200 (CEST)
> greenman you said what I want to say > This is the truth with regret. > I think we should Move to parabola As Ruben indicated the delay is a temporary situation occasioned by him (and presumably Aklis) commissioning a new system. Thus if you want you can take temporary measures by reviewing the missing patches' announcements on ubuntu-security-announce and perhaps look up the CVEs on cert.org. So e.g. to take the openjdk-jre one, the package isn't Trisquelised so you could just do a point install by downloading the Ubuntu package. It'll be exactly the same package when it arrives in the Trisquel repo. For a typical personal PC/laptop user only the remote vulnerabilities are of concern. And even then unless you're using them in an Internet facing situation (e.g. browser, java plugin) then the risk is significantly mitigated for a typical end user because they're almost always behind a firewall. However, the reality is plenty of people ran Debian testing without security support and not a few longer delays than the current Trisquel ones for security patches for years without adverse effects. Yes, it's not a good situation, but as I've said elsewhere - it's not terrible either - DON'T PANIC.
