Security Support - Re: Let's Discuss Interim Releases (and a Rolling Release)

Jamie Strandboge jamie at
Thu Feb 28 18:19:20 UTC 2013

On 02/28/2013 10:23 AM, Scott Kitterman wrote:
> On Thursday, February 28, 2013 05:09:26 PM Martin Pitt wrote:
>>>  * Take a monthly snapshot of the development release, which we support
>>> only until the next snapshot
>> This is the main point where I have doubts and questions:
>>  * What does "support" mean for the monthly snapshots? Hopefully not
>>    security updates, SRUs, and backports? That would ruin pretty much
>>    all the savings that we do from dropping the interim releases.
> I think it's critical too.  Currently there is no security support in the 
> development series.  I have a hard time envisioning something with no support 
> from the Ubuntu security team as a release of any kind.  It's certainly not 
> something I could recommend who isn't involved in Ubuntu development run on a 
> system they care about.

As Marc mentioned, we do support the development release. We track CVEs
for it and fix it through patching, syncing or merging - whichever makes
the most sense for the update.

I strongly believe the rolling model will be very beneficial for Ubuntu
security. Sure, the Ubuntu security team currently stays on top of all
active releases of Ubuntu, but the more interim releases we have to
support, the more time is taken away from security features, proactive
auditing and lower priority (but still good to fix) issues.

At least as important is that many community supported packages are
predominately maintained only in the development release whether through
syncs, merges or uploads by Ubuntu developers. Stable releases get fewer
and fewer security contributions the older they get. I expect the
rolling release to continue to get the same timely community updates it
always has, but I'm hopeful people can now focus their other security
contributions to target the LTS release(s).

Jamie Strandboge       

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <>

More information about the ubuntu-devel mailing list