Newest Gnome versus LTS

[Ralf Mardorf]

On Thu, 2019-07-18 at 10:22 +0200, Oliver Grawert wrote:
> hi,
> Am Mittwoch, den 17.07.2019, 21:03 +0200 schrieb Ralf Mardorf via
> ubuntu-users:
> > On Wed, 17 Jul 2019 12:21:46 +0200, Oliver Grawert wrote:
> > > what a user really only needs to care about is to keep the system
> > > up to
> > > date.
> > Hi,
> > 
> > I disagree, if a package from "main" such as openssl suffers from
> > something like Heartbleed, it might be better to wait a few days for
> > a
> > fix, before continue using such a package's software.
> 
> you mean keeping your system vulnerable for a few extra days makes much
> sense ?

No, I said as long as there is no security update available, it is not
good to continue using something high risky vulnerable. If such a
vulnerability is know, it could still take a while before a security
upgrade is available.

Your point is, that user only need to care about upgrades and nothing
else, IOW it is actually you who recommend to use high risky vulnerable
packages.

> > It was even announced by television news and Bruce Schneier said:
> > "Catastrophic is the right word. On the scale of 1 to 10, this is an
> > 11."
> 
> my mom: "who is bruce schneier ?"

If it's mentioned by the German news, then somebody from the CCC
explained the risk, not Bruce Schneier. However, it doesn't matter who
explains the risk. Nobody needs to have the skills of an electrician to
understand, that if smoke comes out of the light switch, you need to
turn off power by the fuse immediately and wait until it is repaired,
before you continue using the light switch.

> > The Ubuntu help explains that not all repositories are supported and
> > warns regarding the risk using packages from those repos.
> 
> and because of this what i said is not true? 
> 
> yes, there are repo parts that are maintained by the community that
> possibly get security fixes in a slower cadence (or probably none at
> all, which is one of the reasons snap packages exist). but thats
> completely orthogonal to the fact that you should immediately pull in a
> security fix if it is available ... and that you should do this when
> the update manager notifies you about it.

webkitgtk is still in the 16.04 universe repo and users even recommend
to use a browser based upon webkitgtk from this repo ;). People who are
able to read the user manual of their washing machine, should read the
"user manual" of Ubuntu, IOW learn what the differences between the
repositories are.

Don't discourage users by claims that only computer freaks are able to
understand it.

You don't need to be a washing machine freak, to understand the user
manual of a washing machine.

> 90% of ubuntu users out there install their software by simply clicking
> the install button in the software-center, they dont know what
> heartbleed is or who bruce schneier is, they only want to use their
> computer.

They don't know what smoke is, that comes out of a light switch? You
claim 90% of the Ubuntu users are mentally challenged.

> and the most important thing to keep these peoples machines secure is
> to teach them to always apply the updates their system offers

Yes, but if smoke comes out of the computer case they should turn it off
and asked an expert how to proceed!