Subscribe / Unsubscribe Enewsletters | Login | Register

Pencil Banner

Ubuntu, ownCloud, and a hidden dark side of Linux software repositories

Chris Hoffman | Nov. 10, 2014
The version of ownCloud in Ubuntu's Universe repositories is old and full of "multiple critical security vulnerabilities." It's no secret. The ownCloud project itself asked Ubuntu to remove it so users wouldn't have vulnerable server software. Ubuntu suggested to ownCloud they should take over maintaining it instead. OwnCloud thought that was ridiculous--they just want to write software and not maintain it in every distribution's repositories.

Ultimately, the multitude of different Linux distributions with their own package repositories and formats creates problems. Packages are often created and maintained by users who may walk away at any time. There's no way around this--and it's a serious problem on Linux.

Thankfully, common server software like Apache and desktop software like Firefox have more attention paid to them. For example, these are part of the "Main" repository on Ubuntu, where Canonical commits to providing timely security updates for them. Beware server software supported by the community.

 

Previous Page  1  2  3 

Sign up for CIO Asia eNewsletters.