Score:0

Understanding the output of ubuntu-security-status

be flag
```
# ubuntu-security-status
X packages installed, of which:
Y receive package updates with LTS until 4/2025
```

The output does not mention ESM. I activated my UA subscription on this machine, and the output is still the same. What does it mean?

(1) X-Y packages currently do not receive updates. If so, how can this be fixed?

(2) All of the X installed packages currently receive updates. At some point in the future before 4/2025, X-Y of them will stop receiving updates, unless ESM is activated (which should be the case after activating UA).

(3) Other, please specify.

Nmath avatar
ng flag
ESM only provides **critical updates**. Many packages will no longer get updates. ESM is not intended as a replacement for upgrading to a supported release. All users on ESM are strongly encouraged to upgrade to a supported release. Finally, releases that have gone into ESM do not receive community support, including on Ask Ubuntu. You can pay Canonical for a support plan if you need more support beyond access to critical updates. See: https://ubuntu.com/security/esm and https://ubuntu.com/blog/ubuntu-16-04-lts-transitions-to-extended-security-maintenance-esm
Lasse Kliemann avatar
be flag
ESM is not the point then; upgrading to the next release every 3 or so years is fine for me. Question remains: what is the status of the X-Y packages not named as supported until 4/2025? I guess they are from universe or multiverse. Are there any guarantees for such packages? Perhaps as a commercial option?
Nmath avatar
ng flag
Not all packages are supported for 5 years. For example, there's only three years of support for all of the *flavours* of Ubuntu except for Ubuntu Server and Ubuntu Desktop (GNOME).
Lasse Kliemann avatar
be flag
Can we say that as long as I upgrade to the next Ubuntu release every 3 years, all packages will be supported? I'm reading some articles right now, and they claim that packages in `universe` and `multiverse` are not covered by any such guarantees. So in theory such packages could already have been outdated (possibly with security problems) on the day the currently installed version of Ubuntu was released.
Nmath avatar
ng flag
You should probably do some more research about how Ubuntu is developed, especially in terms of how software [upstream](https://wiki.ubuntu.com/Upstream) makes its way into Ubuntu releases. Ubuntu doesn't develop all of the software in Ubuntu repositories. And the version numbers of software aren't the same between different releases. So Ubuntu 20.04 will have different versions of software than Ubuntu 21.10. The newer release can actually have newer versions of the same software than the LTS and 21.10 and its packages will still become unsupported before the LTS packages do.
Score:1
cn flag

The output should be the same until your LTS release reaches the end of its Standard Support (5 years). Then ESM begins.

Let's run through an example: Let's say you have package foo from the main repository on your Ubuntu 20.04 LTS system...

  • Standard Support for LTS releases is 5 years. So until April 2025, ALL users of foo will receive security upgrades from the Ubuntu Security Team via the focal-main repository (not ESM). The focal-main repo is open for all users without registration.

  • At the end of 5 years, Standard Support ends. Security upgrades in focal-main cease...and begin in ESM. ESM requires an Ubuntu Advantage subscription.

Packages in universe and multiverse are generally ineligible for ESM support. The Canonical-paid engineers on the Ubuntu Security Team promise to provide support for main and partner...and commit to nothing else. Security upgrades for packages in universe and multiverse should be coming from community volunteer members of the Ubuntu Security Team, but there is currently a shortage of willing volunteers to do that work.

Also, keep in mind that most security upgrades provided by the Ubuntu Security team are in the form of patched packages, NOT version bumps. The original purpose of an LTS is a long-term platform with the fewest software changes possible. Folks who want newer software during those 5+ years should look at non-LTS releases of Ubuntu.

Lasse Kliemann avatar
be flag
Can anything be said about packages not from `main`? I guess about X-Y packages on my system are from `universe` or `multiverse`.
user535733 avatar
cn flag
@LasseKliemann added two paragraphs to answer your follow-up question.
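
Added example, not part of the original answer or comments: one way to see which installed packages come from `main` and which from `universe` or `multiverse` is to read the archive component of the installed version from `apt-cache policy` output. The function names and the sample packages `foo`, `bar`, `baz` with their version strings are constructed for illustration.

```shell
#!/usr/bin/env bash
# Added example: group installed packages by archive component,
# parsed from `apt-cache policy` output.

# Reads `apt-cache policy <pkg>...` on stdin and prints "<package> <component>"
# for the installed version. "none" = no archive offers the installed version.
classify_components() {
  awk '
    function emit_none() { if (pkg != "" && !done) print pkg, "none" }
    /^[^ ].*:$/  { emit_none(); pkg = substr($0, 1, length($0) - 1); inst = 0; done = 0; next }
    /^ \*\*\* /  { inst = 1; next }   # entry for the installed version
    /^     [^ ]/ { inst = 0; next }   # entry for some other version
    inst && !done && $3 ~ /\// {      # source line: <prio> <url> <suite>/<component> ...
      n = split($3, part, "/"); print pkg, part[n]; done = 1
    }
    END { emit_none() }
  '
}

# Per-component totals, one "<component> <count>" line each, sorted by name.
summarize() {
  classify_components | awk '{ count[$2]++ } END { for (c in count) print c, count[c] }' | sort
}

# Constructed sample input (hypothetical packages and versions).
sample_policy() {
  cat <<'EOF'
foo:
  Installed: 1.0-2
  Candidate: 1.0-2
  Version table:
 *** 1.0-2 500
        500 http://archive.ubuntu.com/ubuntu focal-updates/main amd64 Packages
        500 http://archive.ubuntu.com/ubuntu focal-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0-1 500
        500 http://archive.ubuntu.com/ubuntu focal/main amd64 Packages
bar:
  Installed: 2.3-1
  Candidate: 2.3-1
  Version table:
 *** 2.3-1 500
        500 http://archive.ubuntu.com/ubuntu focal/universe amd64 Packages
        100 /var/lib/dpkg/status
baz:
  Installed: 0.9
  Candidate: 0.9
  Version table:
 *** 0.9 100
        100 /var/lib/dpkg/status
EOF
}

# On a real system:
#   apt-cache policy $(dpkg-query -W -f='${binary:Package}\n') | summarize
```

Packages reported as `none` were installed from a local `.deb` or from a source that is no longer configured, so no configured archive will deliver updates for them at all.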