Will ESM patches eventually be shared with the community?

mikemtnbikes

7/10/24, 2:16 PM

I think I understand the basic mechanics of the ESM service, but what the patches Canonical provides are unclear. I can imagine 2 scenarios under the release ESM model, and wonder which (if either) it is. Is it,

Canonical will create fixes, but only share them with 'Ubuntu Pro' users, rather than share them with the broader community. (which is presumably allowed under the various licenses)?
Alternatively, is it just that Canonical will build mainstream code into .deb packages and make these available?
Something else?

If it is 1., will Canonical's security patches eventually be shared with the original software developers or the broader community?

528

1 + 2

updates

esm

Esther

7/10/24, 2:33 PM

I'm pretty sure it's a combination of (1) and (2), and esm sources are already available on esm.ubuntu.com/

user535733

7/10/24, 5:35 PM

"*will Canonical's security patches eventually be shared with the original software developers...?*" Many patches come from the upstream developers already. Patches that are written by the Ubuntu Security Team are not kept secret. They are shared.

Score:6

Ubuntu

user535733

7/10/24, 2:57 PM

Security patches to packages in the main repository are shared with everybody immediately via the <release>-security repository.

Example: A patch to Foo 1.1 (jammy/main)
will show up as Foo 1.1-1ubuntu0 (jammy/jammy-security) Everybody

Security patches to packages in the universe repository are shared 1) Immediately to Pro subscribers, and 2) Everybody in the next release of Ubuntu.

Example: A patch to Bar 1.1 (jammy/universe)
will show up as Bar 1.1-1ubuntu0 (jammy/esm-apps) Pro Only
and also in the next release of Ubuntu as Bar 1.2 (mantic/universe) Everybody

Alternately, if any community member is willing to spend the time applying security patches to a universe package, then any MOTU can upload it, and it can be available for everybody in <release>-updates/universe. This is the historic method and it's still available for anybody willing. The problem is simply that too few volunteers are willing.

Example: A patch to Baz 1.1 (jammy/universe)
will show up as Baz 1.1-1ubuntu0 (jammy-updates/universe) Everybody

+ 0

Elon Musk

I sit in a Tesla and translated this thread with Ai:

EN: Will ESM patches eventually be shared with the community?

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.