> quite annoying

It's also quite stable, which you'd think more people would prize given the recent and on-going supply chain attacks.

reply
Stable as in unchanging, sure.

Stable can also mean "you get to keep all the bugs present in this version for the next 4+ years".

reply
Or worse, the kernel moves beyond the package in the repo so a year and a half later it doesn't even work anymore.

VirtualBox is really bad about this.

reply
Given the recent dramatic uptick in vulnerability discoveries, it's also prone to being quite insecure...
reply
LTS releases still typically get security updates. That's what the "support" in "long term support" means.
reply
This gets thrown around a lot, but it's not entirely true. Depending on the particular distro, only certain core packages are likely to get updates on LTS releases. Non-core packages may just get left to rot until the next LTS release. Specifically Ubuntu follows this. A lot of their non-core packages just get imported from Debian and then just sit unmaintained until next release (this goes doubly if not using Ubuntu Pro).
reply
Especially frightening when you look at how much everyday stuff is actually in the Universe repo in Ubuntu. Without Ubuntu Pro, your LTS system can sit in a very insecure state for a long time as patching Universe is "best effort" from the community.

Most popular GUI stuff is from universe, as are quite a few dev tools. Some examples: Gimp, Inkscape, pip (and a ton of python packages), most of gnome, a big chunk of KDE, htop, mariadb, etc.

See for yourself: grep -h "^Package:" /var/lib/apt/lists/*_universe_*_Packages | awk '{print $2}' | sort -u

Or to see only what you have installed from Universe: comm -12 <(dpkg-query -f '${Package}\n' -W | sort) <(grep -h "^Package:" /var/lib/apt/lists/*_universe_*_Packages | awk '{print $2}' | sort -u)

A big repo isn't always better.

reply
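The check from the comment above, extended as an added example (not the commenter's own commands): it derives the component (main, universe, ...) from each apt index file name, joins that against the installed package list, and reports what falls outside main. The index directory, installed list and the Ubuntu file-naming pattern are assumptions; the fixture data is constructed so it runs offline.

```shell
#!/bin/sh
# Added example, not from the thread: classify installed packages by the apt
# archive component (main/universe/...) their index file came from, so the
# ones outside "main" (best-effort security support without Ubuntu Pro) can
# be reviewed. Assumes the index file naming used on Ubuntu, e.g.
#   archive.ubuntu.com_ubuntu_dists_noble_universe_binary-amd64_Packages
export LC_ALL=C   # consistent sort order for join

# list_components LISTS_DIR INSTALLED_FILE -> "package component" per installed package
#   LISTS_DIR:      directory holding *_Packages index files (/var/lib/apt/lists on a real system)
#   INSTALLED_FILE: one package name per line (dpkg-query -f '${Package}\n' -W on a real system)
list_components() {
    tmp=$(mktemp)
    for f in "$1"/*_Packages; do
        [ -e "$f" ] || continue
        # component is the path element between the suite and "binary-<arch>"
        comp=$(basename "$f" | sed -n 's/.*_dists_[^_]*_\([^_]*\)_binary-.*/\1/p')
        [ -n "$comp" ] || continue
        awk -v c="$comp" '/^Package:/ { print $2, c }' "$f"
    done | sort -u > "$tmp"
    sort -u "$2" | join - "$tmp"    # inner join on package name
    rm -f "$tmp"
}

# non_main_installed LISTS_DIR INSTALLED_FILE -> only installed packages outside main
non_main_installed() {
    list_components "$1" "$2" | awk '$2 != "main"'
}

# make_fixture -> prints a temp dir holding a constructed (fake) index set and install list
make_fixture() {
    d=$(mktemp -d)
    printf 'Package: bash\nVersion: 5.2-1\n\nPackage: openssl\n\n' \
        > "$d/archive.ubuntu.com_ubuntu_dists_noble_main_binary-amd64_Packages"
    printf 'Package: htop\n\nPackage: gimp\n\n' \
        > "$d/archive.ubuntu.com_ubuntu_dists_noble_universe_binary-amd64_Packages"
    printf 'htop\nbash\nlocal-only-pkg\n' > "$d/installed"   # local-only-pkg is in no index
    echo "$d"
}

fixture=$(make_fixture)
non_main_installed "$fixture" "$fixture/installed"   # prints: htop universe
```

On a real Ubuntu box, point it at /var/lib/apt/lists and a dpkg-query listing; anything a locally installed package shadows (no index entry) is simply omitted, as local-only-pkg is here.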
> Depending on the particular distro, only certain core packages are likely to get updates on LTS releases.

All LTS distros fix only some core packages sporadically, as no one is able to backport all the patches, esp. since most packages do not use CVEs and just fix bugs on the go. "Stable" for non-rolling distributions simply means "horribly broken and outdated".

reply
It's not horribly broken any more than your toaster is for not needing constant updates. Though I do have such a longstanding love/hate relationship with Ubuntu because of this. It is why it runs everywhere and just works (even powers the WSL2 defaults), but everything it provides is also always so very far behind that I end up recompiling so much important stuff by hand.
reply
> It's not horribly broken any more than your toaster is for not needing constant updates.

I don't know where this sense of "stable" in the community comes from. Software isn't perfect and gets fixed all the time. Yes, there are packages with different maintained stable branches that you can pin for your LTS distribution but this is by far the minority. For the other stuff you constantly have to work around missing features or existing bugs. E.g., why do I have to compile "jq" by myself just because the outdated package crashes on certain inputs?!

reply
The "outdated" package probably has all these security fixes [0]. That's why it exists - to maintain something safely. You step back from latest and greatest, to not get a compromised system the next time something goes wrong.

[0] https://sources.debian.org/patches/jq/1.7.1-6+deb13u2/

reply