5

I think I understand the basic mechanics of the ESM service, but what the patches Canonical provides are unclear. I can imagine 2 scenarios under the release ESM model, and wonder which (if either) it is. Is it,

  1. Canonical will create fixes, but only share them with 'Ubuntu Pro' users, rather than share them with the broader community. (which is presumably allowed under the various licenses)?
  2. Alternatively, is it just that Canonical will build mainstream code into .deb packages and make these available?
  3. Something else?

If it is 1., will Canonical's security patches eventually be shared with the original software developers or the broader community?

mikemtnbikes
  • 278

1 Answers1

7

Security patches to packages in the main repository are shared with everybody immediately via the <release>-security repository.

  • Example: A patch to Foo 1.1 (jammy/main)
    will show up as Foo 1.1-1ubuntu0 (jammy/jammy-security) Everybody

Security patches to packages in the universe repository are shared 1) Immediately to Pro subscribers, and 2) Everybody in the next release of Ubuntu.

  • Example: A patch to Bar 1.1 (jammy/universe)
    will show up as Bar 1.1-1ubuntu0 (jammy/esm-apps) Pro Only
    and also in the next release of Ubuntu as Bar 1.2 (mantic/universe) Everybody

Alternately, if any community member is willing to spend the time applying security patches to a universe package, then any MOTU can upload it, and it can be available for everybody in <release>-updates/universe. This is the historic method and it's still available for anybody willing. The problem is simply that too few volunteers are willing.

  • Example: A patch to Baz 1.1 (jammy/universe)
    will show up as Baz 1.1-1ubuntu0 (jammy-updates/universe) Everybody
user535733
  • 68,493