… lots of Canonical in my mouth …

Getting online this morning was in interesting experience, seemingly some news sites picked up a two week old post to a mailing list thread from me to turn it into something that generates revenue for them …

… intrestingly even though the original post was linked in all of these articles, people seem to be more intrested in the interpretation of the reporters of the sites than to read the actual thread, putting potential words from Canonical into my mouth that i didn’t ever say.

I must say I find that pretty offending to me as an individual … yes, I do work for Canonical (still happily since nearly 9 years now and I love what I do and plan to go on to do so …) but please allow me to have my own mind and opinions, not everything an Ubuntu developer says is coordinated by Canonical, even if this statement might trash you conspiracy theories … (oh, and not every Ubuntu developer works for Canonical … unlike some people might want you to think, the Ubuntu dev community is healthy and happily chuggin along, with the new Ubuntu Touch community vibrantly growing)

What I wrote was my own personal opinion (that was actually the reason to use the word “personally” in my sentece about home banking, but I am not a native english speaker, so I might have misunderstood its meaning for all these years)

What I also did was to point to code evidence that shows that Linux Mint supresses security updates for certain software in its default setup … while it might be true that it is configurable and that it is only disabled for certain packages out of the box, this is still an evident fact and can be seen in the code, there is nothing to argue or discuss about (and as I learned now it seems to be part of the Mint philosophy since security updates seem to have caused them instabilities in the past)

Indeed I couldn’t keep my feet still and made the mistake to actually read comments on the different articles …

“He fears losing his job and needs to stir up stuff” … dude … after such a long time in an opensource company and getting headhunter offers regulary, you dont have to worry for your job … what I’m actually worried about is the undeserved badmouthing of Ubuntu based on FUD. Ubuntu is more than Canonical or its decisions, please don’t discredit the work of many many contributors out there … if you want to attack Canonical, do it, but pretty please take into account that Ubuntu is more than Canonical … Oh, and the stirring up part … I can tell you it isn’t any pleasure to be in focus like that for a side statement you made weeks ago …

“He wants to badmouth Linux Mint because they steal users from Ubuntu” … I seriously don’t care if users use Ubuntu, Xubuntu, Mint or elementaryOS, in fact it makes me proud to know they base on work I participated in (note that I maintained one of the first derivative distros of Ubuntu (edubuntu) for about two years nearly on my own) derivatives (and the work they feed back into the Ubuntu archive) are a big part of the Ubuntu ecosystem, why would any sane developer badmouth them ?

A big thanks to OMGUbuntu for fixing their headline … which initially suggested that I “advised” users to not use Mint because it is vulnerable, I never did, I just stated that I personally would not use it for online banking since I know they dont install all available security updates by default …

Seriously, I HATE raisins, I would never eat a cheesecake that contains raisins … did I ask anyone to not eat raisins or did I propose to stop producing them in the former sentence ? no, obviously I didnt … and I dont want the raisin farmers go jobless just because I dont like their product … why people did read something like this into my words in the mail that was quoted is really beyond me …

So lets see if we can get something constructive out of all this, obviously would I be a debian developer that had posted to some debian ML nobody would have picked it up … but since this trivial statement has drawn so much attention we can probably both benefit from it…

Clement Lefebvre’s statement

To me PERSONALLY suppressing any available security updates is a no-go and while Clem points out that it is configurable in Mint, I don’t belive my Mom or my sister would get along with that, they would just use the default. Which would leave them obviously vulnerable with some packages (wether the vulnerabilities are exploited or not, there are open security holes in your system after all) … obviously the practice to suppress these updates stems from bad experience with using Ubuntu provided security updates …

Hey Clem ! … so how about we take a look at this and improve that situation for you, obviously something in Ubuntu doesn’t work like you need it, Canonical puts a lot of time and money into improving the QA since about two years. I think it would be really helpful to sit down and look if we can improve it well enough for both of us to benefit (Ubuntu from your feedback and you from improvements we can do to the package quality) … wether you still want to suppress updating any packages or not even after we fixed the issue for you, is indeed your choice, but please dear press allow me to also still not use Mint for online banking then ;)

Quotes from the comments section in the above page:

… “Maybe it is time to re-evaluate whether security updates should be held back by default. Ubuntu have made steps to avoid regressions such as Phased Updates.” …
Clem: … “I’d be happy to have that discussion and look at the pros and cons post Mint16 release. It’s not a reaction to a particular incident though, it’s a difference in policy. We actually built the tools that would allow us not to make it trivial for people to apply changes blindly. There’s pros and cons to it, and that’s why it’s configurable.” …

So hey, as much out of bounds these press posts were for such a non-issue, it apparently caused some discussions and will possibly improve the situation for all of us in the end …

Oh, and btw … many people missed the actually interesting part in the mail thread … having Mate in debian and Ubuntu will definitely reduce the maintenance work for Mint since they can just pull it in from the respective archives (and it might bring Ubuntu another new derivative distro)

About these ads


  1. Robin Jacobs · November 18, 2013

    I agree that a company is not (always) responsible for the actions of its employees, and the other way around. This whole thing has been blown up to be a much bigger ordeal that it really is, and I think it’s a shame a misunderstanding like this could have such an impact. I think this also clearly illustrates why you should do some research before making blunt claims, though.

    But I must wonder :p Can you tell me whether the boot loader (GRUB) really has some influence over the security of the system? I’m genuinely curious about that one, because it’s something I’ve never heard of before.
    As to the Firefox part of the claim… sorry, but you should have checked that. Firefox updates are not withheld at all. Then again, it wouldn’t have been so much of a big deal if this hadn’t been blown up as much as it has.

    On a different note: There are already some other distro’s out there which use MATE as their desktop environment. Even Ubuntu-based ones (including a project on which I briefly worked with the founder; Snow Linux).

    • Robin Jacobs · November 18, 2013

      My bad. Apparently Snow Linux is based on Debian nowadays.

  2. Pingback: Oliver Grawert critica la interpretación dada por varios medios con respecto a las criticas de LinuxMint y responde a Clement Lefebvre | :.Libuntu.:
  3. Kirk M · November 18, 2013

    I’ve already posted my thoughts on this rather blown-way-out-of-proportion subject in the comment thread of the article on OMGubuntu site so I won’t repeat here.

    However, about the last paragraph of your post…

    …”Mubuntu”? ;-)

  4. shnatsel · November 18, 2013

    I’m kind of glad this happened: I said I empathise Mint for holding back updates because of kernel regressions in a comment on OMG!Ubuntu! and 6 comments later I’m in #checkbox writing regression tests for my use cases :D

  5. mgedmin · November 18, 2013

    Can we please stop using women as examples of nontechnical users? Thanks.

    • ograblog · November 18, 2013

      sorry, but both, my mom and my sister are actually pretty non-techincal computer users … my dad doesn’t touch computers at all, i didnt say “wimen are non technical users” but was talking specifically about my mom and sister for which i do the administration.

  6. Dadadada · November 18, 2013

    This is some excellent distancing with just the proper amount of thin snark. I can also see that you werent kidding when you said English was not your first language. Anyway, keep on keeping on! Im gonna keep Mom and Dad using Linux Mint because even on Windows mom and dad dont know how to disable malware, WildTangent-esque toolbars, or disable Java. I should know I just had to fix the Windows partition from a kit last night (before installing the stupendous Fedora on a new partition with Cinnamon of course as a sensible desktop both in terms of familiarity and privacy). As far as they are concerned Firefox is updated and their xorg isnt broken.

    But hey it’s good to see Ubuntu MATE remix on the line. I hope it can stay around unlike a bunch of other remixes.

  7. foggytown · November 18, 2013

    I read the click bait then headed over here. Thanks for clarifying things. Although I doubt your reasonableness will get much play as it doesn’t fit the pre-conceived narrative.

  8. bmullan · November 18, 2013

    “Man bites dog” always got more attention in the press than what really may have occurred.
    Sad as it is.. it seems that writers covering Technology today would rather write up gossip and stir up fractionalism than write about all the really cool/interesting things going on.
    Cheap shots are cheap shots. Don’t let it bother you.

  9. Daniel Holbach · November 18, 2013

    Oliver: you’re famous now! :-)

  10. FightDaFUD · November 18, 2013

    You sir, are a credit and a positive influence, on the Linux Community as a whole. It is too bad, that a person’s opinion, got blown out of portion. You, as is everyone else, are free to have their own opinion, it also helps to keep life interesting. ;)

    I am glad to hear that you open to work with Clem and the Linux Mint Team. Yeah, teamwork!

    I love the idea (I am sure others do too.) of the Ubuntu Mate remix. I am interested.

    Thanks Oliver, for all your hard work and efforts. I appreciate you. Have a great week. :) Linux ROCKS!!

  11. Pingback: Canonical Mühendisi Mint'i Neden Önermiyor? | Penguen Efendi
  12. Pingback: นักพัฒนา Ubuntu เหน็บ Linux Mint อัพเดตช้า, ไม่ปลอดภัย | ละครย้อนหลัง,ข่าว,คลิปวีดีโอ,กีฬา,ฟังเพลงออนไลน
  13. Jason · November 18, 2013

    When I first tried Mint in a VM I ritualistically would save a snapshot before doing any updates because my previous experience with MOST other distros (including Ubuntu) is that they can trash my environment with updates. I have not once had an issue with Mint updates and I no longer snapshot before installing them. I’m willing to give up a little security for some level of understanding that my machine will actually boot back up properly after an update.

  14. Pingback: 1081009 | นักพัฒนา Ubuntu เหน็บ Linux Mint อัพเดตช้า, ไม่ปลอดภัย | ร้อยแปดพันเก้า.com 1081009
  15. usr.drc · November 18, 2013

    Fascinating how quickly what one person says can be spun into something malicious.

  16. Pingback: Linux Outlaws 327 – Sausage Input Protocol | Sixgun Productions

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out / Change )

Twitter picture

You are commenting using your Twitter account. Log Out / Change )

Facebook photo

You are commenting using your Facebook account. Log Out / Change )

Google+ photo

You are commenting using your Google+ account. Log Out / Change )

Connecting to %s