Problems with Updates

[Mario Vukelic]

On Tue, 2008-10-28 at 21:52 +0000, Kennneth P. Turvey wrote:
> I'm not sure it is on a laptop.  Losing productivity is more important to 
> avoid than the potential security threat in this case. 

Yeah, as discussed with Derek I see the point. However, the fact that it
is a laptop maybe makes it even more vulnerable, since depending on your
usage this laptop might frequently be on LANs that must be considered
hostile.

The meme that "the Ubuntu default install does not run daemons that
listen to the outside" is not strictly true: it runs Avahi. "Avahi is a
system which facilitates service discovery on a local network. This
means that you can plug your laptop or computer into a network and
instantly be able to view other people who you can chat with, find
printers to print to or find files being shared" (avahi.org)

It also runs dhcp and it runs a kernel that faces network traffic. Add
to that Firefox, any filesharing programs you might run, etc.

I don't know about you, but I'd find an unpatched known remote hole in
my kernel or avahi not tolerable.

If you do disable updates you should at least subscribe to
ubuntu-security-announce and read what alerts come up:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-security-announce

I'd recommend not to disable upgrades but apply them selectively. The
Update Manager or your favorite command line frontend to APT let you do
this.

<snip>

> I wish I could.  I'm not sure when sound quit working.  I posted to this 
> forum when I discovered that the XV extensions to X weren't working.  
> That post is dated October 13, 7:21.  It probably was an update applied 
> within two weeks prior to that date.  

Maybe the dpkg log files help remember: /var/log/dpkg.log*
Or the hardy-changes list archives:
https://lists.ubuntu.com/archives/hardy-changes/