Sunday, April 28, 2024
Homepage · updates
 Popular · Latest · Hot · Upcoming
7
rated 0 times [  7] [ 0]  / answers: 1 / hits: 1774  / 1 Year ago, sun, may 7, 2023, 11:09:09

What happens if there is a security problem in a package in the universe repository four years after the 12.04 LTS release; will the package be updated from upstream, patched, or left alone?



It's my understanding that the "5 years of support & security updates" applies only to the core of Ubuntu -- anything in Main repository. Not for things in the Universe repository.



For a more specific example -- if I install Ruby now, and want to use it for the next several years on 12.04 and it has a security vulnerability; while this might be patched in the upstream (so I could always download the latest from their website and compile it myself or use a PPA), will this upstream fix be migrated into the precise package repositories? What about backports?


More From » updates
 Answers
2

Packages in Universe are community maintained. Whether or not they get security updates depends entirely on the community who uses them.



Instructions for contributing security updates for packages in Universe are here:



https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures#Preparing_an_update



Basically, anybody can file a bug, attach a debdiff, subscribe the ubuntu-security-sponsors team and someone from the team will look at it to make sure it's ok, and then sponsor it to the archive.


[#29987] Tuesday, May 9, 2023, 1 Year  [reply] [flag answer]
Only authorized users can answer the question. Please sign in first, or register a free account.
mocipe
Add To Favorites
Follow
Total Points: 161
Total Questions: 106
Total Answers: 118
Location: Cambodia
Member since Thu, Oct 7, 2021
3 Years ago
;