Ubuntu Security


#1

Hi Everyone,

in past i was reading a lot about Ubuntu (LTS) and maintaining security issues. It seems that its not recommended to use Ubuntu anymore (e.g. for servers):

https://prism-break.org/en/categories/gnu-linux/

Last week i was reading that Canonical only patches “important” issues coming from the main repository (2500 binaries), never from others like “universe” (45000 binaries). Means that a fresh installation could already contain unsupported packed.


(sorry in german only but the screenshots are speaking for themselves)

When i think, that a single bug in a image library can root a phone, then i feel not comfortable to use Ubuntu anymore, especially LTS, that a package could be patched in newer version of Ubuntu because of higher version number by chance, but in LTS never. I saw that c9 is using “universe” too.

But back to my question, do you plan to use/offer another (safer) distribution like Debian or upgrading Ubuntu to 16.04 soon?

This not mean Ubuntu is bad, someone need it to have newer versions of binaries instead of Debian, which offers higher security, but very old software/packages. But i need to know it, because for me on first place is the security, especially for cloud computing.

BR Thomas


#2

Hi Thomas,

Ubuntu is not recommend by PRISM Break because Canonical’s dashboard sends personal data to third parties. Do note that this is not the case with Cloud9’s hosted workspaces, and these settings to send the anonymised data can be disabled in Ubuntu.

For more information on Ubuntu’s version names and LTS policies please see this page from their website.

We do intend to upgrade to 16.04 LTS, although I do not have any timescales on this yet for you. You are best to follow us on Twitter and our blog to stay up-to-date with new things going on in the Cloud9 world.