jamie at canonical.com
Mon Dec 12 21:24:50 UTC 2011
On Mon, 2011-12-12 at 17:15 +0000, Jonathan Riddell wrote:
> Hi, I'd like to propose that Kubuntu 12.04 is LTS for 5 years.
> The details are at
The Kubuntu proposal states the following:
* KDE has active security updates from upstream.
* Qt has active security updates from upstream.
* Kubuntu security updates are handled by either Kubuntu or Ubuntu
Security team as currently.
While it is true that KDE and Qt do provide predisclosure and active
security updates, they have already stopped providing this support for
the versions of KDE in 10.04 LTS, and 10.04 is only 2.5 years into its
LTS. Is there a firm commitment from upstream regarding their support
for KDE4 (especially considering they will be busy with KDE/Qt 5) for 5
Also, KDE/Qt has not provided any assistance with qtwebkit and this is
putting their users at risk. I strongly advise that Kubuntu move to
Ubuntu's supported browser, Firefox so that users may continue to get
timely security updates for their browser-- arguably one of the most
important applications for any desktop user.
Furthermore, while the Ubuntu Security team has been performing security
updates for Kubuntu, the support from the Kubuntu community has waned in
this regard. At this point, we still get patch URLs, but often debdiffs
are only for the latest release (or maybe where the patch applies
cleanly). It is unclear how much testing is performed on the supplied
debdiffs and so full testing must be performed by the Ubuntu Security
team. Backporting and testing puts a strain on our team. Perhaps the
waning of contributions is due to temporary role rotations from within
Canonical. Do we have a commitment from the Kubuntu community to provide
support for Kubuntu like with other recognized flavors? I am strongly in
favor of Kubuntu being treated like other recognized flavors-- ie where
the Ubuntu Security team provides notification to the flavor's security
contact and sponsors patches with testing falling on the community (ie,
if the security contact for the recognized flavor tells us to publish,
we do so).
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Size: 836 bytes
Desc: This is a digitally signed message part
More information about the technical-board