Ubuntu LTS20.04 - wireguard package
Robie Basak
robie.basak at ubuntu.com
Mon Jan 10 19:15:42 UTC 2022
On Fri, Jan 07, 2022 at 09:25:44AM +0100, Filip Menke wrote:
> Is there a reason why the wireguard package is outdated and no updates are available through the standard update process(apt-get update / upgrade)?
Updates to packages in stable releases in Ubuntu are only made under
special circumstances. That's the point of a stable release, and what we
mean by "stable".
We do release Ubuntu with many packages updated every six months. By
choosing to stay on an older release, you're making the choice not to
take those updates.
See https://wiki.ubuntu.com/StableReleaseUpdates for details of the
policy. If there's some specific reason you think that wireguard needs
updating, then this documentation should help you to state your case.
But the norm is that we don't just "automatically" update packages in
stable releases.
> Users must update the package manually and from a security perspective a VPN server should be always up to date otherwise the system could be vulnerable..
We have a separate security update process to fix security
vulnerabilities. There are currently no known outstanding security
vulnerabilities in wireguard:
https://ubuntu.com/security/cve?q=&package=wireguard&priority=&version=&status=
Hope that helps,
Robie
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 819 bytes
Desc: not available
URL: <https://lists.ubuntu.com/archives/ubuntu-devel-discuss/attachments/20220110/3f7ddc8b/attachment.sig>
More information about the Ubuntu-devel-discuss
mailing list