LinkBack URL
About LinkBacksSo dnsmasq is still not getting updated on my Untangle. Is it a problem with apt or has it not yet been uploaded to the repo?Code:grep dns ii dnsmasq 2.80-1
So dnsmasq is still not getting updated on my Untangle. Is it a problem with apt or has it not yet been uploaded to the repo?Code:grep dns ii dnsmasq 2.80-1
Thanks a lot for all these informations, they were a great help in my case.
I'm always pleased to have nothing to do
(I'm reassured)
Seems apt is working. Two packages were updated since March 4th.
Still dnsmasq 2.80-1. Why?Code:diff untangleapt2.txt untangleapt.txt 724,725d723 < ii python-apt 1.8.4.2 amd64 Python interface to libapt-pkg < ii python-apt-common 1.8.4.2 all Python interface to libapt-pkg (locales)
Time to add openssl to the things not being updated by apt. Who knows how many others?
Package: openssl (1.1.1d-0+deb10u6) [security]
Untangle claims to be secure because it is based on debian. If it is not kept updated with debian is it still secure? I understand the need to test. I also understand the urgency to update.Code:[root @ homeuntangle] ~ # dpkg -l |grep openssl ii libcrypt-openssl-bignum-perl 0.09-1+b1 amd64 Perl module to access OpenSSL multiprecision integer arithmetic libraries ii libcrypt-openssl-random-perl 0.15-1+b1 amd64 module to access the OpenSSL pseudo-random number generator ii libcrypt-openssl-rsa-perl 0.31-1+b1 amd64 module for RSA encryption using OpenSSL ii openssl 1.1.1d-0+deb10u4 amd64 Secure Sockets Layer toolkit - cryptographic utility ii perl-openssl-defaults:amd64 3 amd64 version compatibility baseline for Perl OpenSSL packages
So is apt being used, yes. Is it being used as intended?
16.3 beta finally updates these and a bunch of other stuff. Why do we need to wait so long to get debian updates? Defeats debian security updates as a security feature.
I'm of two minds on the topic...
Rapid automatic updates is great to remediate known issues if and only of the updates come from a trusted source. But that's the rub isn't it? Debian's repos have been victimized before...
Building trust into Untangle's supply chain will require a certain amount of buffer between Untangle released and supported updates and the upstream repos. But where do you put that line?
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
I don't know were the line should be. I understand the need to test against Untangles modifications. I think for such critical updates it needs more priority than it gets now. If it was based on some bleeding edge distro I could see the long delay. Debian is a very conservative stable distro. If they deem it needs to be updated pay attention.Originally Posted by sky-knight
As for trust would bet on debian long before Untangle at this point. Untangle has been based on "old" debian for years. Now it is much closer than it has in the past. A good trend. Only a few months behind. Is that good enough?
As for automatic updates I don't run them on anything. I want to test before applying them. But they usually happen within a week.
On non-critical systems like desktops yes. But on servers the game changes, and on a server that will bork the connection everything uses to get updates? How much more so?
Yes... on the DNSMasq patch specifically I feel that should have been faster, because it's left every Untangle in the wild vulnerable to real risk. But, that's the first time to my memory this has happened. Usually Untangle's conservative approach has been to our collective benefit.
Though I no longer know if that benefit is via intent or accident. Which is the largest issue for me.
Rob Sandling, BS:SWE, MCP
NexgenAppliances.com
Phone: 866-794-8879 x201
Email: support@nexgenappliances.com
Posting Permissions
Reply With Quote