this post was submitted on 17 Apr 2025

I'll be the first to admit that I still have a lot to learn, but isn't it kind of dangerous to rely on repositories with software that is often months out of date? I understand that security is a moving target, but I see so many people saying that getting apps from the official repositories is the safest option. This just seems incorrect to me. Can someone please illuminate?

[–] [email protected] 2 points 1 week ago (4 children)

It depends on the repository. The big distro repositories will have security patches as part of maintenance even if they don't pull the latest updates. Newer code can also add vulnerabilities in addition to fixing them. There are also rolling release distros that keep up to date.

[–] [email protected] 1 points 1 week ago (3 children)

Forgive me for being dense, but how can they have a security patch without the latest update? I'm speaking specifically of Linux Mint and the repositories that are used after a fresh install, here. In my experience (which may differ from yours), I've never had to regress to an earlier version of software due to the latest version having some kind of vulnerability. It's just not something I've ever had to do, although I'm not ruling out the possibility that others have experienced this.

[–] [email protected] 3 points 1 week ago (1 children)

In order to maintain software versions, package maintainers will often selectively pull git commits from the upstream projects that fix bugs / vulnerabilities in the code, while not pulling feature commits. Sometimes the pulled commits may need modifications to work properly on an old feature version of the software, which will also be done during the process. Alternatively, software may be compiled with different feature flags to restrict functionality to mitigate bugs known in upstream.

[–] [email protected] 1 points 1 week ago (1 children)

Okay, I understood about 5% of what you just said, but I think I get the general gist of it. Thanks for your reply.

[–] [email protected] 1 points 1 week ago

Basically, because they can look at the source code of individual applications and how it got changed over time, they can typically create alternative versions of the software, which don't include the newest features, but do include bug fixes and security patches.
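
The backporting described in this thread is visible in a package's changelog: the upstream version stays the same while the packaging revision moves and the entries name the fixes. The following is an added example, not part of any comment above and not Linux Mint's own tooling; the package name `examplepkg`, its version strings and the `CVE-0000-…` identifiers are constructed placeholders, and the changelog is assumed to be in the Debian changelog format.

```shell
#!/bin/sh
# Added example. Reads a Debian-format changelog on stdin and prints one line
# per security fix: "<upstream version> <package version> <CVE id>".
backported_fixes() {
  awk '
    # Entry header: "name (version) suite; urgency=..."
    /^[a-z0-9][a-z0-9+.-]* \(/ {
      ver = $2
      gsub(/[()]/, "", ver)
      up = ver
      sub(/^[0-9]+:/, "", up)   # drop the epoch, if any
      sub(/-[^-]*$/, "", up)    # drop the packaging revision
      next
    }
    {
      line = $0
      while (match(line, /CVE-[0-9][0-9][0-9][0-9]-[0-9]+/)) {
        cve = substr(line, RSTART, RLENGTH)
        # A CVE is often named twice in one entry (patch file and summary)
        if (!seen[ver, cve]++) print up, ver, cve
        line = substr(line, RSTART + RLENGTH)
      }
    }
  '
}

# Constructed sample changelog (newest entry first); all values are placeholders.
sample_changelog() {
  cat <<'EOF'
examplepkg (2.4.1-3+sec2) stable; urgency=medium

  * SECURITY UPDATE: out-of-bounds read in parser
    - debian/patches/CVE-0000-0002.patch: backport upstream bounds check
    - CVE-0000-0002

 -- Constructed Maintainer <maint@example.invalid>  Mon, 01 Jan 2024 00:00:00 +0000

examplepkg (2.4.1-3+sec1) stable; urgency=medium

  * SECURITY UPDATE: crash on malformed input (CVE-0000-0001)

 -- Constructed Maintainer <maint@example.invalid>  Mon, 01 Jan 2024 00:00:00 +0000

examplepkg (2.4.1-3) stable; urgency=low

  * Initial packaging of upstream 2.4.1

 -- Constructed Maintainer <maint@example.invalid>  Mon, 01 Jan 2024 00:00:00 +0000
EOF
}

sample_changelog | backported_fixes
```

On an installed system the same function can be fed a real changelog, for example `apt changelog <package> | backported_fixes` or `zcat /usr/share/doc/<package>/changelog.Debian.gz | backported_fixes`.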
