[Bug 1955471] Re: ubuntu-security-status shouldn't display information about ESM for Apps

Fri Jan 27 19:21:53 UTC 2023

got this message today on a 20.04

4:19 $ sudo apt upgrade 
Reading package lists... Done
Building dependency tree       
Reading state information... Done
Calculating upgrade... Done
The following security updates require Ubuntu Pro with 'esm-apps' enabled:
  libgraphicsmagick-q16-3 libmagick++-6.q16-8 libimage-magick-perl
  libmagickcore-6.q16-6-extra libimage-magick-q16-perl imagemagick
  libgegl-0.4-0 lynx-common libzmq5 python2.7-minimal libmagickwand-6.q16-6
  libgegl-common python2.7 python3-rsa lynx imagemagick-6.q16 libjs-jquery-ui
  libopenexr24 libsdl2-2.0-0 libsdl2-2.0-0 libmysofa1 libmagickcore-6.q16-6
  glances libpython2.7-minimal libpython2.7-stdlib imagemagick-6-common
Learn more about Ubuntu Pro at https://ubuntu.com/pro
The following packages will be upgraded:
  libsmbclient libwbclient0 python3-samba samba-common samba-common-bin samba-dsdb-modules samba-libs smbclient

14:19 $ date
Fri 27 Jan 2023 02:21:47 PM EST

-- 
You received this bug notification because you are a member of Ubuntu
Foundations Bugs, which is subscribed to update-manager in Ubuntu.
https://bugs.launchpad.net/bugs/1955471

Title:
  ubuntu-security-status shouldn't display information about ESM for
  Apps

Status in update-manager package in Ubuntu:
  Fix Released
Status in update-manager source package in Focal:
  Fix Released

Bug description:
  [Impact]

  Users could have a message saying that packages are covered by ESM-
  Apps even in series which are not under LTS support yet. ESM-Apps will
  cover that, but it is still unreleased, which lead to confusion on why
  users are seeing messages about it.

  ESM-Apps is currently a beta service, and users which explicitly
  enabled it can use it. Ubuntu Advantage Tools only shows relevant
  information about ESM-Apps if it is enabled. Ubuntu-security-status
  should do the same.

  [Test Plan]
  Attached to the bug there is a test script showing the messages, and how they behave with the proposed patch.

  [Where problems could occur]
  There may be problems if there is the desire to show ESM-Apps related information before it comes out of beta. If people (products people?) change their minds and want to show those messages, there would be a need of a subsequent SRU. This is not a possibility being considered today.

  People with access to ESM-Apps can still see the message and be
  confused about it, but if they have access to it in beta it means they
  have the appropriate context.

  [Additional Information]
  ubuntu-security-status is useful on its own (i.e. for Impish) but the changes we are making here are its integration with ubuntu-advantage and ESM which is not relevant for Impish so this change is not being SRU'ed there.

  [Original Description]

  There seems to be a misleading, incorrect message in

  ubuntu-security-status

  ESM wouldn’t be needed (or even enabled) until 20.04 is EOL, in 2025.

  ---

  See this link:

  https://discourse.ubuntu.com/t/why-is-extended-security-maintenance-
  needed-for-apps-in-ubuntu-20-04-x-lts-in-2021/25871

  tester at lenovo-v130:~$ ubuntu-security-status
  1832 packages installed, of which:
  1673 receive package updates with LTS until 4/2025
   152 could receive security updates with ESM Apps until 4/2030
     7 packages are from third parties

  Packages from third parties are not provided by the official Ubuntu
  archive, for example packages from Personal Package Archives in
  Launchpad.
  For more information on the packages, run 'ubuntu-security-status
  --thirdparty'.

  Enable Extended Security Maintenance (ESM Apps) to get 10 security
  updates (so far) and enable coverage of 152 packages.

  This machine is not attached to an Ubuntu Advantage subscription.
  See https://ubuntu.com/advantage
  tester at lenovo-v130:~$

  Questions

      Why is Extended Maintenance needed for apps in Ubuntu 20.04.x LTS
  in 2021?

      Which are those 10 security updates that need ESM? Is there a link
  where they are listed?

      Where are the 152 packages (that need ESM) listed?

  ---

  I was told to report this as a bug by oSoMoN:

          Why is Extended Maintenance needed for apps in Ubuntu 20.04.x LTS in 2021?
          Which are those 10 security updates that need ESM? Is there a link where they are listed?

  This sounds like a misleading, incorrect message. ESM wouldn’t be
  needed (or even enabled) until 20.04 is EOL, in 2025. Can you file a
  bug issuing the following command: ubuntu-bug update-manager-core ?

  ProblemType: BugDistroRelease: Ubuntu 20.04
  Package: update-manager-core 1:20.04.10.9
  ProcVersionSignature: Ubuntu 5.11.0-43.47~20.04.2-generic 5.11.22
  Uname: Linux 5.11.0-43-generic x86_64
  ApportVersion: 2.20.11-0ubuntu27.21
  Aptdaemon:

  Architecture: amd64
  CasperMD5CheckResult: skip
  CurrentDesktop: ubuntu:GNOME
  Date: Tue Dec 21 09:43:33 2021
  GsettingsChanges:
   b'com.ubuntu.update-manager' b'launch-count' b'12'
   b'com.ubuntu.update-manager' b'first-run' b'false'
   b'com.ubuntu.update-manager' b'launch-time' b'int64 1639852408'
  InstallationDate: Installed on 2020-09-04 (472 days ago)
  InstallationMedia: Ubuntu 20.04.1 LTS "Focal Fossa" - Release amd64 (20200731)
  PackageArchitecture: allSourcePackage: update-manager
  UpgradeStatus: No upgrade log present (probably fresh install)

To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1955471/+subscriptions