Newbie questions about updates

[Tommy Trussell]

On 8/23/06, Scott <geekboy at angrykeyboarder.com> wrote:
> What really bugs me is when Ubuntu (or most any Linux distro) releases a
> security update to a package (say, Firefox) they announce the
> vulnerability (many days and sometimes even a few weeks) after it had
> already been announced by the the original developers (e.g. Mozilla, PHP,
> MySQL etc.) at the same time they release the package..
>
> For the ignorant, this gives the impression that this just came about and
> we "jumped right on it".  When in fact, that's not the case.

As others have explained, it's because it's more complicated to
produce a proper Ubuntu version than just copying the latest code from
Mozilla. The reason it's so easy to install Ubuntu packages is because
there's a lot of "up front" work. It's a real strength of the Debian
design.

It would be much easier for you if the Mozilla folks maintained the
Ubuntu binary versions, but of course their priorities would logically
be with the Windows, Mac and generic linux binaries. So there will
always be a delay. I think it's amazing it ONLY takes a few weeks,
given that these folks are generally doing this as volunteers.

How about a little paraphrase -- "Ask not what Ubuntu [volunteers] can
do for you. Ask what you can do [to volunteer] for Ubuntu!"