Secure new packages (such as LibreOffice) for laptop: backports or Guix?

Hi. My personal laptop runs no Internet services/servers. AFAIK, the
riskiest activity in it is web browsing and, occasionally, file sharing
over BitTorrent. I like recent software but fear the unreliability and
(most importantly) insecurity of Debian testing and unstable.

I have previously used testing. For better security, I watched debsecan
and debian-security-announce and tried to mitigate vulnerabilities,
generally by installing the update from unstable. It was very time
consuming and inconvenient because very often I had to reboot or at
least log out from Gnome then log back in.

Currently I use Debian stable. For security-critical packages such as
the kernel I stay on stable, even though I would love the better Btrfs
support from the backported kernel. But for some other packages I use
backports or Guix.

For LibreOffice, I am using version 7.2.3-2~bpo11+1 from backports. On
December 6 I got an email from announce@documentfoundation.org about
version 7.2.4, containing a security fix. Yet bullseye-backports is
still on 7.2.3-2~bpo11+1, and, according to the Debian changelog, that
version is from November 28. It seems therefore to be insecure.

Is this situation a rare problem, or is it representative of poor
security in backports? Should I downgrade LibreOffice 7.2.3-2~bpo11+1
to 7.0.4-4+deb11u1 ASAP?

And as a general rule, should I prefer backports, Guix, or do I have to
stay on stable for everything that connects to the Internet or processes
complex untrusted data (like LibreOffice documents)?

Regards
--
- Many people hate injustice but few check the facts; this causes more
injustice. Ask me about <https://stallmansupport.org>
- I am Brazilian. I hope my English is correct and I welcome feedback.
- Free Software Supporter: https://www.fsf.org/free-software-supporter
- If an email of mine arrives at your spam box, please notify me.