sjansen | 3 years ago

Was just going to say, they're merely making more obvious a situation that has long existed. But most people don't bother checking if packages they depend on are part of `main` or `universe` so I can see how this comes as a shock to some.

captn3m0|3 years ago

Ubuntu makes this worse by using "end-of-life" dates as End-of-ESM on various pages[0,1]. If you read that page, you'll assume all packages will be supported till EOL for all users. This is all it says about ESM:

> Extended Security Maintenance (ESM) provides security updates on Ubuntu LTS releases for additional 5 years. It is available with the Ubuntu Advantage subscription or a Free subscription.

The Pro page[2] now has a clear graphic comparing the security coverage, but this appears to be new.

[0]: https://wiki.ubuntu.com/Releases

[1]: https://ubuntu.com/about/release-cycle

[2]: https://ubuntu.com/pro

cpncrunch|3 years ago

Indeed. I see Ubuntu 20.04 imagemagick was updated with a security update in 2021 for free. Now, there is another update for imagemagick, but we have to pay for it.

The release cycle page (https://ubuntu.com/about/release-cycle) has no mention of any differences in updates for universe vs base packages.

The https://ubuntu.com/pro page says "best effort" for universe packages. Yet, they have an update for imagemagick, we just have to pay for the pro subscription to get it. How exactly is that "best effort"?

ta29783864293|3 years ago

But are they now continuing to ship the known-vulnerable version in universe for new installs moving forward, but then notifying the user that an up-sell opportunity exists if they want the fixed version?

josephcsible|3 years ago

That's my impression.