Support status of nginx in Ubuntu 14.04LTS expired in February 2015?

Steve Langasek steve.langasek at ubuntu.com
Mon Apr 25 20:12:47 UTC 2016


On Mon, Apr 25, 2016 at 03:05:23PM -0400, Stéphane Graber wrote:
> > Short answer: don't use ubuntu-support-status, it doesn't work.

> > Long answer: ubuntu-support-status is a deprecated tool that used to be used
> > when we had a 3y/5y split on desktop and server packages. It returns the
> > contents of the "Supported:" tag which hasn't been updated since Ubuntu 10.04
> > LTS. I've filed a bug to get it removed:
> > https://bugs.launchpad.net/ubuntu/+source/update-manager/+bug/1574670

> The Supported: field logic actually got updated on release week for
> 16.04, so it's absolutely meant to be meaningful.

> The code for that logic can be found at:
> http://bazaar.launchpad.net/~ubuntu-archive/ubuntu-archive-publishing/trunk/view/head:/scripts/maintenance-check.py

> If the logic doesn't match reality, then someone should send a branch to
> fix the logic.

> Note that it's long been the case that the fact that a package is in
> main or in universe doesn't necessarily indicate support length. We have
> plenty of packages in universe with support for 3 years or 5 years
> during LTS cycles and there are a number of packages that are in main
> but aren't part of a product and so aren't supported past the 9 months
> mark.

Errrr, no.  Anything that's in main is LTS-supported.  As of 16.04, this
should be 100% guaranteed; if it's not supported it wouldn't be in main.

And when you say that there are packages in universe that are supported for
3 or 5 years, I believe you are referring to support for flavor images.  I
think this is a case of an unfortunate conflation of different kinds of
"support".  How many packages shipped in community flavors have had CVEs
issued for them over the years?  And how many of these CVEs have we had USNs
for?

If the answer to the first question is "we don't know how many CVEs there
have been because nobody is tracking", then clearly, this is not the same
kind of support that we mean when we talk about the support that Canonical
provides for packages in main - and which does encompass all of main, not
just packages that are seeded on images.

-- 
Steve Langasek                   Give me a lever long enough and a Free OS
Debian Developer                   to set it on, and I can move the world.
Ubuntu Developer                                    http://www.debian.org/
slangasek at ubuntu.com                                     vorlon at debian.org