I wondered why they didn’t mention that the Universe repository comes without any form of official support and that unpaid community members are expected to cherry pick bug fixes and backport them, usually resulting in no updates, a potential security risk.
Then I scrolled down and they’re suggesting Ubuntu derivatives that are also affected by this (Mint pop). I have the suspicion that they don’t mention to make these two look good.
This was always the case. Main and restricted were guaranteed by Canonical, universe and multiverse fully owned by the community. A bunch of paying customers were unhappy with not getting updates to universe packages, so Canonical made a separate repository that would do that for Ubuntu Pro. Community members with access to the universe repository can still upload fixes there.
Original at https://www.linuxteck.com/ubuntu-trust-problem-2026/
I wondered why they didn’t mention that the Universe repository comes without any form of official support and that unpaid community members are expected to cherry pick bug fixes and backport them, usually resulting in no updates, a potential security risk.
Then I scrolled down and they’re suggesting Ubuntu derivatives that are also affected by this (Mint pop). I have the suspicion that they don’t mention to make these two look good.
See https://www.flu0r1ne.net/logs/ubuntu_withholding_universe_security_patches for a somewhat recent (2023) overview on that topic and how Ubuntu Pro plays into this.
This was always the case. Main and restricted were guaranteed by Canonical, universe and multiverse fully owned by the community. A bunch of paying customers were unhappy with not getting updates to universe packages, so Canonical made a separate repository that would do that for Ubuntu Pro. Community members with access to the universe repository can still upload fixes there.
Yes, I know. So? Doesn’t change the fact that users of Debian/Fedora/… don’t have to sign up for a “Pro” service to get the same security updates.