Software updater snuck in a package that is unwanted

Bret Busby bret.busby at gmail.com
Sat Oct 21 07:11:32 UTC 2017


On 21/10/2017, Colin Law <clanlaw at gmail.com> wrote:
> On 21 Oct 2017 7:17 a.m., "Bret Busby" <bret.busby at gmail.com> wrote:
>
> I have the following suggestions, which I believe to be
> useful and worthwhile.
>
>
> A simple question, how do you know when an important security update is
> required?
>
> Colin
>


Firstly, and, please do not regard this as being argumentative; there
is a significant difference between an important security update
being required, and, one being available.

A good example of the difference, is that, from what I understand, the
WPA2 system is in extreme need of a security update, from what I
understand, and, it may take years, if it happens at all, that
security updates for all devices in use, become available. That makes
WiFi, or, the use of it, quite risky, until all of the devices that
use WiFi, are patched with the required security upgrades.

I am not aware of any WPA2 security upgrades, being available, to
protect against the defined ("KRAK" ?) problem, as yet.

How did I find out about the WPA2 vulnerability? I found first, from a
BBC online news report, in their Technology section. That was about a
day before it was reported in the Australian equivalent of the BBC,
online news, and, about a day before the CERT advisory notifying of
the vulnerability was sent.

I am subscribed to the CERT advisories, and, have been, for years,
going back to when it originated from the Carnegie-Mellon University,
I think it was, before CERT became nationalised in the USA.

Regarding the issue of security (and other software) updates being
available, in Ubuntu, ever since I found them, I have applied a panel
applet, which provides notifications, which (I believe) invokes the
Software Updater notifier of the updates being available, so that,
when updates become available, a pop-up (?) window's presence is shown
in the taskbar, and, clicking on that, opened the window of the
Software Updater.

That was before the unattended-upgrades became installed, on the other
computer, since which event, I have stopped the Software Updater from
checking for updates on that system, but I still have it engaged, as
before, on this computer.

I am now, a bit more apprehensive of performing the updates, as I can
not, now, as shown, rely on my memory, to prevent the
unattended-upgrades package from being installed.

So, while your question may have appeared to be simple, the answer may
not be as simple as expected. See the proverb in my signature.

-- 

Bret Busby
Armadale
West Australia

..............

"So once you do know what the question actually is,
 you'll know what the answer means."
- Deep Thought,
 Chapter 28 of Book 1 of
 "The Hitchhiker's Guide to the Galaxy:
 A Trilogy In Four Parts",
 written by Douglas Adams,
 published by Pan Books, 1992

....................................................



