Score:0

How to notice if a tool in the apt repository is still being maintained/which version I should use?


Well as per title, is there a canonical way to understand if a certain library/tool is still actively being maintained?

When searching online for problems you often see blog posts (or answers here) from like 10 years ago. And this made me wonder: how do I know if the tools specified there are still "good", maintained and safe.

This is especially problematic as it's just all too easy to type `sudo apt-get install XYZ` and ignore anything else just hoping it works. Does the apt repository itself give me a warning if a certain tool is buggy/has security breaches?

Or am I just at the mercy of luckily finding a counter blog post for said tool?

guiverc
Look at where it came from, was it from *main* which means it will get security fixes completed for the *life* of the release you're using (9 months if non-LTS, 5 years if LTS). If it's from *universe* or community supported; it may only have 9 months, but if included on an ISO & supported by a *flavor* of Ubuntu, it may have 9 months or 3 years (not all releases are LTS; ie. two of 18.04 products came with only 9 months; one team provided further fixes via PPA - read the release notes!)
guiverc
Yes if an LTS release, MOTUs can apply fixes for up to five years for *universe* if bugs are raised, but there are no guarantees on that (they apply to *main* & *restricted*). If it's 3rd party PPA or elsewhere, it's on you to perform the checks yourself. You can use `apt-cache policy` to view where a package came from (as example; many ways actually). How you look varies on what package, where from & I've only covered some *deb* packages (not *snap* or other packages that are available)....
@guiverc how do I know where it's from when I just see the command line to install?
guiverc
I mentioned `apt-cache policy`, so assuming your XYZ package was `lubuntu-default-settings` a query tells me the package on my system came from `http://archive.ubuntu.com/ubuntu lunar/universe`; ie. official archive for my release (*lunar*) and from *universe* so it's community-support only; meaning 9 months for *lunar*. If my release was *jammy* for example; that would mean 3 years of support (LTS for community) with guarantee, but further 2 (getting to 5 years) only if bug is raised & MOTU patches (ie. 3 years only is guaranteed; where 5 year guarantee applies to *main*)
@guiverc could you make this into an answer?
Score:1

Look at where it came from, was it from main which means it will get security fixes completed for the life of the release you're using (9 months if non-LTS, 5 years if LTS). If it's from universe or community supported; it may only have 9 months, but if included on an ISO & supported by a flavor of Ubuntu, it may have 9 months or 3 years (not all releases are LTS; ie. two of 18.04 products came with only 9 months; one team (Ubuntu Studio 18.04) provided further fixes via PPA - so read the release notes & notices!)

Yes if an LTS release, MOTUs can apply fixes for up to five years for universe if bugs are raised, but there are no guarantees on that (they apply to main & restricted).

If it's 3rd party PPA or elsewhere, it's on you to perform the checks yourself. You can use `apt-cache policy` to view where a package came from (as example; many ways actually). No formula can predict these packages' support, so you need to research this yourself.

How you look varies on what package, where from & I've only covered some deb packages (not snap or other package types that are available)

```
guiverc@hp8200-ubu:~$   apt-cache policy lubuntu-default-settings
lubuntu-default-settings:
  Installed: 23.04.4
  Candidate: 23.04.4
  Version table:
 *** 23.04.4 500
        500 http://archive.ubuntu.com/ubuntu lunar/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu lunar/universe i386 Packages
        100 /var/lib/dpkg/status
guiverc@hp8200-ubu:~$ 
```

Assuming your XYZ package was lubuntu-default-settings a query tells me the package on my system came from http://archive.ubuntu.com/ubuntu lunar/universe; ie. official archive for my release (lunar) and from universe so it's community-support only; meaning 9 months for lunar.

If my release was jammy (22.04) for example; that would mean 3 years of support (LTS for community) with guarantee, but further 2 (getting to 5 years) only if bug is raised & MOTU patches (ie. 3 years only is guaranteed; where 5 year guarantee applies to main)

  • MOTU = 'Master of the Universe'; developer with rights to make changes during the life of the release to 'universe' packages; Core-Devs have this right too.
  • I think I used lubuntu-default-settings as it's easy to recognize (at least to me) it's a package included on our Lubuntu ISOs, thus would come with 3 year guarantee where it was a LTS release; also maybe as we recently changed it
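
The check described in the answer above can be scripted. This is an added example, not part of the original answer: it reads `apt-cache policy` output and reports which component the installed version came from and whether the source is the official archive. The function name `classify_policy`, the verdict labels and the list of hostnames treated as official are assumptions, and the second sample is constructed.

```shell
#!/bin/sh
# Usage on a real system: apt-cache policy XYZ | classify_policy
# Prints one "<suite>/<component> <verdict>" line per distinct source of the
# installed (***) version. Verdicts follow the answer: main/restricted are
# guaranteed, universe is community-supported, anything outside the official
# archive is third-party and has to be checked by hand.
classify_policy() {
  awk '
    $1 == "***"                  { installed = 1; next }  # installed version row
    NF == 2 && $2 ~ /^-?[0-9]+$/ { installed = 0; next }  # any other version row
    installed && $2 ~ /^https?:\/\// {
      host = $2
      sub(/^https?:\/\//, "", host); sub(/\/.*/, "", host)
      n = split($3, part, "/"); comp = part[n]
      # Assumption: only these hostnames count as the official Ubuntu archive.
      official = (host == "archive.ubuntu.com" || host == "security.ubuntu.com" \
                  || host ~ /\.archive\.ubuntu\.com$/)
      if (!official)                                   verdict = "third-party"
      else if (comp == "main" || comp == "restricted") verdict = "guaranteed"
      else if (comp == "universe")                     verdict = "community"
      else                                             verdict = "unknown"
      key = $3 " " verdict
      if (!(key in seen)) { seen[key] = 1; print key }  # amd64/i386 rows collapse
    }'
}

# Sample 1: the output shown in the answer.
SAMPLE_ARCHIVE='lubuntu-default-settings:
  Installed: 23.04.4
  Candidate: 23.04.4
  Version table:
 *** 23.04.4 500
        500 http://archive.ubuntu.com/ubuntu lunar/universe amd64 Packages
        500 http://archive.ubuntu.com/ubuntu lunar/universe i386 Packages
        100 /var/lib/dpkg/status'

# Sample 2 (constructed): installed from a PPA whose component is also named "main".
SAMPLE_PPA='exampletool:
  Installed: 2.0-1~ppa1
  Candidate: 2.0-1~ppa1
  Version table:
 *** 2.0-1~ppa1 500
        500 https://ppa.launchpadcontent.net/example-owner/example-ppa/ubuntu jammy/main amd64 Packages
        100 /var/lib/dpkg/status
     1.4-2 500
        500 http://archive.ubuntu.com/ubuntu jammy/main amd64 Packages'

printf '%s\n' "$SAMPLE_ARCHIVE" | classify_policy
printf '%s\n' "$SAMPLE_PPA" | classify_policy
```

The second sample shows why the host matters as well as the component: a PPA can publish under a component called `main`, which carries none of the archive's guarantees.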