Re: [bitfolk] Ubuntu EOL dates - which to quote in general …

Top Page
This message is part of the following thread:
M\the complete thread tree sorted by date
MMAnahata at <-
MMEd Neville at ->

Reply to this message
Author: Philip Storry
Date:  
To: users
Subject: Re: [bitfolk] Ubuntu EOL dates - which to quote in general documentation?
On 30/01/2021 21:16, Andy Smith wrote:
> I don't think you have "standard security support" on anything in
> "universe", only in "main" - ever. As far as I understand Ubuntu
> security updates for packages in "universe" are best effort by the
> community, not by the Ubuntu Security Team.
>
>      https://wiki.ubuntu.com/SecurityTeam/FAQ

>
> or have I misunderstood?

I'm probably the one misunderstanding. :-)

It doesn't change my reasoning much though - "best effort" means that
effort is more likely to boil down to "upgrade to the newest LTS" rather
than backporting a patch. Best practice should be to be on a supported LTS.

> In my experience very few people understand about "main" vs
> "universe" and "multiverse". I might be one of them.
>
> Once again I will say that CentOS's straightforward 10 year support
> promise was one of the reasons why people liked it. But
> understandably that was a lot of work for Red Hat.

Yeah, although the downside is that it some projects just don't work
over such a timescale anyway. I have some CentOS servers I inherited at
work, and noticed one hadn't been updated for a long time. So I did an
update, which broke a PHP based website. I soon discovered that the
website used a very old PHP bytecode cache/accelerator configuration
that was no longer supported - and hadn't been for years. Fortunately it
was an easy fix - disable the accelerator, which was possible because
the website has very little traffic these days so it wasn't needed.

In the interests of balance, plenty of CentOS servers also updated
without issue. But it's plainly not guaranteed.

I think that the pace of many projects mean that assuming support for
longer than four to five years is probably unrealistic anyway. There are
some very mature and static projects that are less likely to have
breaking fixes - typically infrastructure like DNS/DHCP/mail servers/web
servers. But those servers should still be reviewed every few years,
just to ensure that their configuration meets modern norms. Leaving a
server in a metaphorical corner and hoping it's still fine is probably
not a good strategy...


Regards,

Phil



This message was posted to the following mailing lists:
users
Mailing List Info | Nearby Messages		<-Re: [bitfolk] Ubuntu EOL dates - which to quote in general documentation?[bitfolk] SpamCop->
Bitfolk Mailing List Archive administrated by List AdminLurker (version 2.3)