News Linux Mint ISOs infected in WordPress attack

"Motherload"

What is the inherent security flaw in storing user details with iso?

 

...this week...

 

I thought that was "motherlode"

 

Phil - your PM conduct towards Gareth is, quite frankly, utterly distasteful. Please, take a week off to have a think about it. Ta-ra for now!

While you're off, have a read of the rules. They're not optional!

 

You shouldn't understand the question because I misread the article and thus asked a malformed question. I seem to be turning my Derp up to 11 today.

 

I thought that they were being criticised for storing user details with the ISOs. But that's neither what happened nor what they were criticised on.

I learned something from your answer though. I haven't heard of cryptographic hashes used as secure verification before and it's a valid point on keeping the hashes with the ISOS.

 

This security issues has me concerned, as someone who was planning to make the change to Linux (Mint) in a few months and not knowing much about security of an OS, I read a comment on another site reporting this that the Linux Mint team have it backwards (their words) when it comes to security, preferring compatibility over security.

Are these major failings in its security a reflection on the OS itself?

 

Perhaps it's the old tradeoff between security and convenience coming into play.

I never got what mint offers over Ubuntu apart from cinnamon as the default UI. Why is Mint considered more user friendly or favourable?

 

Gareth, I should think that you could make the installer check the signature file, which should contain a hash of the media, and if the signature isn't correct or media fails to match the contained hash it shouldn't install.

This would obviate the requirement of the end user, who might be an MS Windows user, to check either the signature or the MD5 hash.

 

Cinnamon was going to be the flavor (no pun intended) i was going to plum for, going on what I've read and seen it looks to be less of a jarring transition from the world of Windows, last thing i want when learning about a new OS is to be fighting an unfamiliar GUI.

I kind of ruled Ubuntu out as I read it has a propensity of going down a similar route as Apple and Microsoft of a walled garden, data gathering, and dictating to users how they should use their OS.

 

Yeah I guess canonical are doing that a bit. They are disregarding wayland to make their own display server. Which is a bit walled gardeny. But I'd imagine you would end up with that in Mint as well when it arrives.

The most agregious thing is the ads but that can easily be turned off.

You should check out elementary os. It's the nicest looking linux interface IMO.

 

I've used Ubuntu since 8.04 and I can say that Ubuntu is no walled garden on the scale of Microsoft/Apple. Every search and data gathering feature can be switched off with a few clicks. In addition, in the next version (Ubuntu 16.04), all the online search features will be disabled by default.

There's nothing about FLOSS that forces Canonical to adopt Wayland. In the opinions of many, it may be easier if they had. I personally think choice is good and if they later regret the decision, I'm sure Canonical will make the right decision and adopt Wayland if necessary. Any other Linux distro is free to use Mir as a display server if they so please. I've yet to see anything "walled gardeny" distributed with a GPLv3/LGPLv3 license.

 

So this wouldn't effect the ISO's available via torrent?

I've always loved Mint, it just seems so easy to navigate, mod, use, etc. Once i've got my hardware issues sorted and have some free time, I have to try ElementaryOS and SuSE.

 

Of course doing your own display server is not against floss. Ubuntu is one of the most popular distross and because of that, going with their own display server may lead to program compatability issues between distros. We could end up with mir only programs or wayland only programs or worse cross platform programs, that ends up using some X compatibility which would be a step backwards. I hope that won't be the case but if it Iis then that to me would be a bit walled gardeny.

FLOSS and walled garden are not mutually exclusive concepts BTW.

 

It looks very Mac'ish doesn't it.

Yes i understand it's no way near the scale of Microsoft/Apple, its just for me personally the very fact that they include things like online search, advertising, and those sorts of things is an indication of their intentions, that's not to say they're going to force those things on people in the future like Microsoft & Apple, its just that I personally don't agree with that kind ethos.

AFAIK it wouldn't as once a torrents in circulation it's impossible to alter without changing the hash.