Ubuntu Pro covers Universe packages, which weren't previously covered by official security updates. All the packages in main still get the same security updates as before without requiring Ubuntu Pro.
Was just going to say, they're merely making more obvious a situation that has long existed. But most people don't bother checking if packages they depend on are part of `main` or `universe` so I can see how this comes as a shock to some.
Ubuntu makes this worse by using "end-of-life" dates as End-of-ESM at various pages[0,1]. If you read that page, you'll assume all packages will be supported till EOL for all users. This is all it says about ESM:
> Extended Security Maintenance (ESM) provides security updates on Ubuntu LTS releases for additional 5 years. It is available with the Ubuntu Advantage subscription or a Free subscription.
The Pro page[2] now has a clear graphic comparing the security coverage, but this appears to be new.
But are they now continuing to ship the known-vulnerable version in universe for new installs moving forward, but then notifying the user that an up-sell opportunity exists if they want the fixed version?
So, when did universe packages get updates without Ubuntu Pro? Did they only update the debs for feature updates, and withhold in-between updates if they only had security changes? That seems insane. Or did regular Ubuntu (without subscription) just never update the universe packages at all?
I had the impression that, if anything, the non-main-repo things got more frequent (minor) updates.
In the past, Universe packages only got security updates if a member of the Ubuntu community submitted a fix for sponsoring. The community can still do this, but additionally, Ubuntu Pro exists which also updates universe packages.
Usually security updates for repos on Gentoo I remember (not sure about Ubuntu) were up to the repo maintainer, who often received no support. That's the price a user pays for using a non-mainline repo. I assume it's the same.
I assume repo maintainers ship security updates if it's a shipped tarball from upstream. However, some security updates are just patches, which require manual work from the maintainer. That is the issue I think, it's not as simple as delivering what upstream already gave you.
sjansen|3 years ago
captn3m0|3 years ago
[0]: https://wiki.ubuntu.com/Releases
[1]: https://ubuntu.com/about/release-cycle
[2]: https://ubuntu.com/pro
ta29783864293|3 years ago
captainmuon|3 years ago
mdeslaur|3 years ago
noobermin|3 years ago
noobermin|3 years ago
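One way to run the check raised in the thread (whether the packages you depend on come from `main` or `universe`), as an added example that is not part of any comment above. It parses `apt-cache policy` output; the sample output, the package names and the function names are constructed for illustration, and it assumes standard Ubuntu archive sources.

```python
import re

# Constructed `apt-cache policy` output; package names and versions are made up.
SAMPLE_POLICY = """\
examplelib:
  Installed: 1.2-0ubuntu1.3
  Candidate: 1.2-0ubuntu1.3
  Version table:
 *** 1.2-0ubuntu1.3 500
        500 http://archive.ubuntu.com/ubuntu jammy-updates/main amd64 Packages
        100 /var/lib/dpkg/status
     1.2-0ubuntu1 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages
exampletool:
  Installed: 4.0-2
  Candidate: 4.0-2
  Version table:
 *** 4.0-2 500
        500 http://archive.ubuntu.com/ubuntu jammy/universe amd64 Packages
        100 /var/lib/dpkg/status
vendoragent:
  Installed: 9.9
  Candidate: 9.9
  Version table:
 *** 9.9 100
        100 /var/lib/dpkg/status
"""

def installed_components(policy_text):
    """Map each installed package to the archive component of its installed version."""
    result, pkg, in_installed = {}, None, False
    for line in policy_text.splitlines():
        if line and not line[0].isspace() and line.endswith(":"):
            pkg, in_installed = line[:-1], False      # "name:" starts a package stanza
        elif line.startswith(" *** "):                 # marks the installed version
            in_installed = True
            result[pkg] = "local"                      # until an archive source is seen
        elif re.match(r" {5}\S", line):                # another (not installed) version
            in_installed = False
        elif in_installed and line.startswith(" " * 8):
            fields = line.split()                      # prio, URL, suite/component, ...
            if len(fields) >= 3 and "/" in fields[2] and result[pkg] == "local":
                result[pkg] = fields[2].split("/", 1)[1]
    return result

def outside_main(policy_text):
    """Installed packages whose installed version is not served from `main`."""
    return sorted(p for p, c in installed_components(policy_text).items() if c != "main")

print(outside_main(SAMPLE_POLICY))
```

Packages reported as `local` have no archive source for the installed version, so neither the `main` nor the `universe` update path applies to them and they need their own patching process.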