What does LTS really mean? The 5 years question.
What does LTS really mean? The 5 years question.
Let me start with a note about a problem: There is no known English source for the problem. Sorry about it. But the fact that I can only provide a link to a German article does not reduce the problem, that I got aware today.
The rather well evaluated German web-site heise.de (most likely the best in German language) published today an article about Ubuntu LTS: Long time support is only available for the most important (translated title). Link
Short summary: Only the packages from the main repository, but not for universe, get 5 years support. That means, that many security holes do not or only by chance get closed. The article mentions, that this is e.g. different to Debian. Packages of universe get at best 3 years support, often only 9 months!.
There is a pre-installed terminal command ubuntu-support-status (in Mint you can install, but it does not work), which shows you, how long the packages get supported. I did an install of Ubuntu 16.04 and added nothing except the language packs, which were missing after installation and synaptic. Result: I have already with this very basic system (Ubuntu misses several things, that we are used to find in a fresh Mint installation) already 8 packages with 3 years support and 4 packages with 9 months support, 2 not supported at all (no ppa added)!
The article comes to the conclusion, that the fact, that Ubuntu desktops are not so often attacked, is only to explain with the comparably small number of installations. This does not sound good. And I wonder, why Ubuntu does not give full support as advertised, as Debian does. (I cannot judge, if is this is really true for Debian, I have to rely to the article, which says so in the very last sentence.)
I wonder, if I should switch to LMDE2. Not sure about it yet, but worth to think about it.
The rather well evaluated German web-site heise.de (most likely the best in German language) published today an article about Ubuntu LTS: Long time support is only available for the most important (translated title). Link
Short summary: Only the packages from the main repository, but not for universe, get 5 years support. That means, that many security holes do not or only by chance get closed. The article mentions, that this is e.g. different to Debian. Packages of universe get at best 3 years support, often only 9 months!.
There is a pre-installed terminal command ubuntu-support-status (in Mint you can install, but it does not work), which shows you, how long the packages get supported. I did an install of Ubuntu 16.04 and added nothing except the language packs, which were missing after installation and synaptic. Result: I have already with this very basic system (Ubuntu misses several things, that we are used to find in a fresh Mint installation) already 8 packages with 3 years support and 4 packages with 9 months support, 2 not supported at all (no ppa added)!
The article comes to the conclusion, that the fact, that Ubuntu desktops are not so often attacked, is only to explain with the comparably small number of installations. This does not sound good. And I wonder, why Ubuntu does not give full support as advertised, as Debian does. (I cannot judge, if is this is really true for Debian, I have to rely to the article, which says so in the very last sentence.)
I wonder, if I should switch to LMDE2. Not sure about it yet, but worth to think about it.
Re: What does LTS really mean? The 5 years question.
I wrote a topic Comparing package bases: Ubuntu vs Debian about this last year, where I cover the support policies of Ubuntu and Debian. The topic might give you some more thoughts for choosing the Debian package base.
I didn't know about ubuntu-support-status, interesting.
I didn't know about ubuntu-support-status, interesting.

Re: What does LTS really mean? The 5 years question.
Thank you for pointing to your old (but still current) article. It will definitely take some time to think about the situation and to make a decision, what to do. Analyzing the situation in a Mint main edition is a problem, because of the not functioning ubuntu-support-status command.
Re: What does LTS really mean? The 5 years question.
I don't understand this thread. What's the problem (in layman terms please)? Are you saying that apps included with Mint's installation (Ubuntu version) don't have 5 years worth of security updates?
Re: What does LTS really mean? The 5 years question.
technically - NO - they don't
it's usually only the 'core' parts of the system, that get updates,
for that period of time.
in that other, non-core parts - are gradually dropped off.
eg: like medibuntu was dropped, in that Ubuntu version.
but - things like FF & LOo are part of the 'core' and as such ,
generally are updated, right until the end of the cycle.

it's usually only the 'core' parts of the system, that get updates,
for that period of time.
in that other, non-core parts - are gradually dropped off.
eg: like medibuntu was dropped, in that Ubuntu version.
but - things like FF & LOo are part of the 'core' and as such ,
generally are updated, right until the end of the cycle.

Please edit your original post title to include [SOLVED] - when your problem is solved!
and DO LOOK at those Unanswered Topics - - you may be able to answer some!.
-
- Level 4
- Posts: 211
- Joined: Sat Oct 24, 2015 1:27 am
Re: What does LTS really mean? The 5 years question.
When I use the command in my freshly installed Kubuntu 16.04 I get this:
A long list, I know, but it shows per package how long it is supported. At least that is what I think I read. What is strange is, almost at the top in the section unsupported, I also see Google-chrome-stable. This might not be supported by (K)ubuntu but will be by Google.
Code: Select all
jan@Kubuntu1604:~$ ubuntu-support-status --show-all
Support status summary of 'Kubuntu1604':
You have 27 packages (1.3%) supported until januari 2017 (9m)
You have 677 packages (33.7%) supported until april 2019 (3y)
You have 1296 packages (64.6%) supported until april 2021 (5y)
You have 0 packages (0.0%) that can not/no-longer be downloaded
You have 7 packages (0.3%) that are unsupported
No longer downloadable:
Unsupported:
flashplugin-installer google-chrome-stable gstreamer1.0-plugins-ugly
gstreamer1.0-plugins-ugly-amr kubuntu-restricted-addons libsidplay1v5
oxideqt-codecs-extra
Supported until januari 2017 (9m):
freepats gstreamer1.0-plugins-bad gstreamer1.0-plugins-bad-faad
gstreamer1.0-plugins-bad-videoparsers kuser libde265-0
libgstreamer-plugins-bad1.0-0 liblsan0 libmimic0 libmpeg2encpp-2.1-0
libmplex2-2.1-0 libofa0 libopencv-calib3d2.4v5 libopencv-contrib2.4v5
libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-legacy2.4v5
libopencv-ml2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5
libsoundtouch1 libspandsp2 libsrtp0 libtsan0 libwildmidi-config
libwildmidi1 libzbar0
Supported until april 2019 (3y):
accountwizard akonadi-backend-mysql akonadi-server akregator amarok
amarok-common amarok-utils apport-kde apturl-kde ark baloo-kf5
baloo-utils bluedevil breeze breeze-cursor-theme breeze-icon-theme
catdoc cdparanoia cdrdao debconf-kde-data discover discover-data
docbook-xml docbook-xsl dolphin dragonplayer dvd+rw-tools
fonts-dejavu fonts-noto fonts-noto-hinted fonts-noto-unhinted
fonts-oxygen frameworkintegration freerdp-x11 gpgsm growisofs
gstreamer-qapt gstreamer1.0-libav gstreamer1.0-nice
gtk2-engines-oxygen gtk2-engines-pixbuf gtk3-engines-breeze gwenview
ibus-qt4 icoutils k3b k3b-data k3b-i18n kaccounts-integration
kaccounts-providers kactivities kaddressbook kamera kate kate-data
kate5-data katepart kcalc kde-baseapps-bin kde-baseapps-data
kde-cli-tools kde-cli-tools-data kde-config-gtk-style
kde-config-gtk-style-preview kde-config-mailtransport
kde-config-screenlocker kde-config-sddm kde-config-telepathy-accounts
kde-config-whoopsie kde-l10n-engb kde-runtime kde-runtime-data
kde-spectacle kde-style-breeze kde-style-breeze-qt4
kde-style-oxygen-qt5 kde-style-qtcurve-qt4 kde-style-qtcurve-qt5
kde-telepathy kde-telepathy-approver kde-telepathy-auth-handler
kde-telepathy-contact-list kde-telepathy-data
kde-telepathy-desktop-applets kde-telepathy-filetransfer-handler
kde-telepathy-integration-module kde-telepathy-kaccounts
kde-telepathy-kpeople kde-telepathy-minimal kde-telepathy-send-file
kde-telepathy-text-ui kdeconnect kdeconnect-plasma kded5
kdegraphics-strigi-analyzer kdelibs-bin kdelibs5-data
kdelibs5-plugins kdemultimedia-kio-plugins kdenetwork-filesharing
kdepim-doc kdepim-runtime kdepimlibs-data kdepimlibs-kio-plugins
kdeplasma-addons-data kdesudo kdoctools kdoctools5 kgamma5
khelpcenter khotkeys khotkeys-data kimageformat-plugins kinfocenter
kinit kio kio-audiocd kio-extras kio-extras-data kio-mtp kmail
kmenuedit knotes konsole konsole-kpart kontact konversation
konversation-data korganizer kpackagelauncherqml kpackagetool5 krdc
kross kscreen ksshaskpass ksysguard ksysguard-data ksysguardd
ksystemlog ktexteditor-data ktexteditor-katepart ktnef ktorrent
ktorrent-data kubuntu-driver-manager kubuntu-notification-helper
kubuntu-settings-desktop kubuntu-web-shortcuts kwalletmanager
kwayland-data kwayland-integration kwin kwin-addons kwin-common
kwin-data kwin-style-breeze kwin-x11 kwrited language-pack-kde-en
liba52-0.7.4 libakonadi-kde4 libakonadi-kmime4
libakonadiprotocolinternals1 libappstreamqt1 libattica0.4
libavahi-gobject0 libavcodec-ffmpeg56 libbaloocore4 libbaloofiles4
libbalooxapian4 libchm1 libchromaprint0 libcln6 libcrystalhd3 libdca0
libdebconf-kde1 libdiscover2 libdlrestrictions1 libdmtx0a
libdolphinvcs5 libepub0 libfaad2 libfakekey0 libfam0
libfarstream-0.2-5 libflac++6v5 libfluidsynth1 libfreerdp-rail1.1
libgit2-24 libgps22 libgrantlee-templates5 libgrantlee-textdocument5
libgsm1 libgssdp-1.0-3 libgupnp-1.0-4 libgupnp-igd-1.0-4
libhttp-parser2.1 libibus-qt1 libiso9660-8 libk3b6
libk3b6-extracodecs libkabc4 libkaccounts1 libkactivities6 libkate1
libkatepartinterfaces4 libkcalcore4 libkcddb4 libkcmutils4
libkcompactdisc4 libkde3support4 libkdeclarative5
libkdecorations2-5v5 libkdecorations2private5v5 libkdecore5 libkdesu5
libkdeui5 libkdewebkit5 libkdnssd4 libkemoticons4 libkexiv2-11v5
libkexiv2-data libkf5activities5 libkf5activitiesexperimentalstats1
libkf5akonadiagentbase5 libkf5akonadicalendar5 libkf5akonadicontact5
libkf5akonadicore-bin libkf5akonadicore5 libkf5akonadimime5
libkf5akonadinotes5 libkf5akonadiprivate5 libkf5akonadisearchdebug5
libkf5akonadisearchpim5 libkf5akonadiwidgets5 libkf5alarmcalendar5
libkf5archive5 libkf5attica5 libkf5auth-data libkf5auth5 libkf5baloo5
libkf5balooengine5 libkf5baloowidgets-bin libkf5baloowidgets5
libkf5bluezqt-data libkf5bluezqt6 libkf5bookmarks-data
libkf5bookmarks5 libkf5calendarcore5 libkf5calendarevents5
libkf5calendarsupport5 libkf5calendarutils5 libkf5codecs-data
libkf5codecs5 libkf5completion-data libkf5completion5
libkf5config-bin libkf5config-data libkf5configcore5 libkf5configgui5
libkf5configwidgets-data libkf5configwidgets5 libkf5contacts-data
libkf5contacts5 libkf5coreaddons-data libkf5coreaddons5 libkf5crash5
libkf5dbusaddons-bin libkf5dbusaddons-data libkf5dbusaddons5
libkf5declarative-data libkf5declarative5 libkf5dnssd-data
libkf5dnssd5 libkf5emoticons-bin libkf5emoticons-data
libkf5emoticons5 libkf5eventviews5 libkf5filemetadata-bin
libkf5filemetadata-data libkf5filemetadata3 libkf5followupreminder5
libkf5gapi-data libkf5gapicalendar5 libkf5gapicontacts5
libkf5gapicore5 libkf5gapidrive5 libkf5gapitasks5
libkf5globalaccel-bin libkf5globalaccel-data libkf5globalaccel5
libkf5globalaccelprivate5 libkf5gpgmepp-pthread5 libkf5gpgmepp5
libkf5gravatar5 libkf5guiaddons5 libkf5holidays-data libkf5holidays5
libkf5i18n-data libkf5i18n5 libkf5iconthemes-bin
libkf5iconthemes-data libkf5iconthemes5 libkf5identitymanagement5
libkf5idletime5 libkf5imap5 libkf5incidenceeditorsng5
libkf5itemmodels5 libkf5itemviews-data libkf5itemviews5
libkf5jobwidgets-data libkf5jobwidgets5 libkf5js5 libkf5jsembed-data
libkf5jsembed5 libkf5kcmutils-data libkf5kcmutils5 libkf5kdcraw5
libkf5kdelibs4support-data libkf5kdelibs4support5
libkf5kdelibs4support5-bin libkf5kdepimdbusinterfaces5
libkf5kdgantt2-5 libkf5khtml-bin libkf5khtml-data libkf5khtml5
libkf5kiocore5 libkf5kiofilewidgets5 libkf5kiontlm5 libkf5kiowidgets5
libkf5kipi-data libkf5kipi30.0.0 libkf5kmanagesieve5
libkf5kontactinterface-data libkf5kontactinterface5 libkf5krosscore5
libkf5krossui5 libkf5ksieve5 libkf5ksieveui5 libkf5ldap5
libkf5libkdepim5 libkf5libkleo5 libkf5mailcommon5 libkf5mailimporter5
libkf5mailtransport-data libkf5mailtransport5 libkf5mbox5
libkf5messagecomposer5 libkf5messagecore5 libkf5messagelist5
libkf5messageviewer5 libkf5mime5 libkf5modemmanagerqt6
libkf5networkmanagerqt6 libkf5newstuff-data libkf5newstuff5
libkf5noteshared5 libkf5notifications-data libkf5notifications5
libkf5notifyconfig-data libkf5notifyconfig5 libkf5package-data
libkf5package5 libkf5parts-data libkf5parts-plugins libkf5parts5
libkf5people-data libkf5people5 libkf5peoplebackend5
libkf5peoplewidgets5 libkf5pimcommon5 libkf5pimtextedit5
libkf5plasma5 libkf5plasmaquick5 libkf5prison1 libkf5pty-data
libkf5pty5 libkf5qgpgme5 libkf5quickaddons5 libkf5runner5
libkf5screen-bin libkf5screen6 libkf5sendlater5 libkf5service-bin
libkf5service-data libkf5service5 libkf5solid5 libkf5solid5-data
libkf5sonnet5-data libkf5sonnetcore5 libkf5sonnetui5 libkf5style5
libkf5su-bin libkf5su-data libkf5su5 libkf5syndication5
libkf5sysguard-bin libkf5sysguard-data libkf5templateparser5
libkf5texteditor5 libkf5texteditor5-libjs-underscore
libkf5textwidgets-data libkf5textwidgets5 libkf5threadweaver5
libkf5tnef5 libkf5unitconversion-data libkf5unitconversion5
libkf5wallet-bin libkf5wallet-data libkf5wallet5 libkf5waylandclient5
libkf5waylandserver5 libkf5webkit5 libkf5widgetsaddons-data
libkf5widgetsaddons5 libkf5windowsystem-data libkf5windowsystem5
libkf5xmlgui-bin libkf5xmlgui-data libkf5xmlgui5
libkf5xmlrpcclient-data libkf5xmlrpcclient5 libkfile4
libkfilemetadata4 libkfontinst5 libkfontinstui5 libkhtml5
libkidletime4 libkio5 libkjsapi4 libkjsembed4 libkldap4
libkmediaplayer4 libkmime4 libknewstuff2-4 libknewstuff3-4
libknotifyconfig4 libkntlm4 libkolab1 libkolabxml1v5 libkonq-common
libkonq5-templates libkparts4 libkpimutils4 libkprintutils4 libkpty4
libkresources4 libkrosscore4 libksane-data libksane0
libkscreenlocker5 libksgrd7 libksignalplotter7 libktexteditor4
libktorrent-l10n libktorrent5 libktpcommoninternals9 libktplogger9
libktpmodels9 libktpotr9 libktpwidgets9 libkubuntu1
libkwalletbackend5-5 libkwin4-effect-builtins1 libkwineffects7
libkwinglutils7 libkwinxrenderutils7 libkworkspace5-5
libkxmlrpcclient4 liblastfm1 liblmdb0 libloudmouth1-0 libmad0
libmeanwhile1 libmission-control-plugins0 libmjpegutils-2.1-0 libmms0
libmp3lame0 libmpcdec6 libmpeg2-4 libmpg123-0 libmusicbrainz5cc2v5
libmygpo-qt1 libnice10 libntrack-qt4-1 libntrack0 libokularcore7
libopenconnect5 libopencore-amrnb0 libopencore-amrwb0 libopenjpeg5
libotr5 liboxygenstyle5-5 liboxygenstyleconfig5-5 libpackagekitqt5-0
libpam-kwallet4 libpam-kwallet5 libperl4-corelibs-perl libphonon4
libphonon4qt5-4 libplasma-geolocation-interface5 libplasma3
libpolkit-qt-1-1 libpolkit-qt5-1-1 libpoppler-qt4-4 libpoppler-qt5-1
libpowerdevilcore2 libpowerdevilui5 libprocesscore7 libprocessui7
libpurple-bin libpurple0 libqalculate5-data libqalculate5v5 libqapt3
libqapt3-runtime libqca-qt5-2 libqca-qt5-2-plugins libqca2
libqca2-plugin-ossl libqca2-plugins libqgsttools-p1 libqimageblitz4
libqjson0 libqmobipocket1 libqrencode3 libqt4-qt3support
libqt4-sql-mysql libqt5clucene5 libqt5concurrent5 libqt5designer5
libqt5designercomponents5 libqt5help5 libqt5multimedia5-plugins
libqt5multimediaquick-p5 libqt5multimediawidgets5
libqt5qml-graphicaleffects libqt5sql5-mysql libqt5waylandclient5
libqt5x11extras5 libqt5xmlpatterns5 libqtcurve-utils2
libqtscript4-core libqtscript4-gui libqtscript4-network
libqtscript4-sql libqtscript4-uitools libqtscript4-xml
libreoffice-kde libreoffice-style-oxygen libschroedinger-1.0-0
libscim8v5 libshine3 libsolid4 libssh2-1 libstoken1
libstreamanalyzer0v5 libstreams0v5 libsyndication4 libtag-extras1
libtaskmanager5 libtelepathy-logger-qt5 libtelepathy-logger3
libtelepathy-qt4-2 libtelepathy-qt5-0 libthreadweaver4 libtomcrypt0
libtommath0 libtwolame0 libvcdinfo0 libvo-aacenc0 libvo-amrwbenc0
libvoikko1 libweather-ion7 libx264-148 libx265-79 libxcb-composite0
libxcb-cursor0 libxcb-damage0 libxcb-dpms0 libxcb-record0
libxerces-c3.1 libxfreerdp-client1.1 libxvidcore4 libzephyr4 libzip4
libzvbi-common libzvbi0 milou muon-notifier muon-updater
ntrack-module-libnl-0 okular okular-extra-backends oxygen-icon-theme
oxygen-sounds oxygen5-icon-theme p7zip-full partitionmanager phonon
phonon-backend-gstreamer phonon-backend-gstreamer-common
phonon4qt5-backend-gstreamer pidgin-data pinentry-qt
plasma-dataengines-addons plasma-desktop plasma-desktop-data
plasma-discover plasma-discover-common plasma-discover-private
plasma-discover-updater plasma-framework
plasma-look-and-feel-org-kde-breezedark-desktop plasma-nm plasma-pa
plasma-runners-addons plasma-scriptengine-javascript
plasma-wallpapers-addons plasma-widgets-addons plasma-workspace
plymouth-theme-kubuntu-logo plymouth-theme-kubuntu-text
polkit-kde-agent-1 powerdevil powerdevil-data print-manager
python3-dbus.mainloop.pyqt5 python3-pykde4 python3-pyqt4
python3-pyqt5 python3-sip qapt-batch qapt-deb-installer qdbus-qt5
qml-module-org-kde-activities qml-module-org-kde-bluezqt
qml-module-org-kde-draganddrop qml-module-org-kde-extensionplugin
qml-module-org-kde-kcoreaddons qml-module-org-kde-kio
qml-module-org-kde-kquickcontrols
qml-module-org-kde-kquickcontrolsaddons
qml-module-org-kde-kwindowsystem qml-module-org-kde-runnermodel
qml-module-org-kde-solid qml-module-org-kde-telepathy
qml-module-qtmultimedia qml-module-qtquick-controls
qml-module-qtquick-controls-styles-breeze qml-module-qtquick-dialogs
qml-module-qtquick-privatewidgets qml-module-qtquick-xmllistmodel
qml-module-qtwebkit qt5-image-formats-plugins
qtdeclarative5-xmllistmodel-plugin qttools5-dev-tools qtwayland5 sddm
sddm-theme-breeze sgml-data signon-kwallet-extension skanlite socat
software-properties-kde sonnet-plugins sshfs systemsettings
telepathy-accounts-signon telepathy-gabble telepathy-haze
telepathy-logger telepathy-mission-control-5 telepathy-salut
user-manager vcdimager wodim
Supported until april 2021 (5y):
accountsservice acl acpi-support acpid adduser adwaita-icon-theme
alsa-base alsa-utils anacron apparmor apport apport-symptoms
appstream apt apt-transport-https apt-utils aptdaemon apturl-common
aspell aspell-en at-spi2-core avahi-autoipd avahi-daemon base-files
base-passwd bash bash-completion bc bind9-host binutils bluez
bluez-cups bluez-obexd bsdmainutils bsdutils busybox-initramfs
busybox-static bzip2 ca-certificates ca-certificates-java
chromium-codecs-ffmpeg-extra colord colord-data command-not-found
command-not-found-data console-setup console-setup-linux coreutils
cpio cpp cpp-5 cracklib-runtime crda cron cryptsetup cryptsetup-bin
cups cups-browsed cups-bsd cups-client cups-common cups-core-drivers
cups-daemon cups-filters cups-filters-core-drivers cups-ppdc
cups-server-common dash dbus dbus-x11 dc dconf-gsettings-backend
dconf-service debconf debconf-i18n debianutils default-jre
default-jre-headless dh-python dictionaries-common diffstat diffutils
dirmngr distro-info-data dmidecode dmsetup dns-root-data dnsmasq-base
dnsutils dosfstools dpkg e2fslibs e2fsprogs ed efibootmgr eject
emacsen-common enchant ethtool evolution-data-server-common file
findutils firefox firefox-locale-en fontconfig fontconfig-config
fonts-dejavu-core fonts-dejavu-extra fonts-freefont-ttf fonts-guru
fonts-guru-extra fonts-kacst fonts-kacst-one fonts-khmeros-core
fonts-lao fonts-lato fonts-liberation fonts-lklug-sinhala
fonts-lohit-guru fonts-nanum fonts-noto-cjk fonts-noto-mono
fonts-opensymbol fonts-sil-abyssinica fonts-sil-padauk fonts-stix
fonts-symbola fonts-takao-pgothic fonts-thai-tlwg
fonts-tibetan-machine fonts-tlwg-garuda fonts-tlwg-garuda-ttf
fonts-tlwg-kinnari fonts-tlwg-kinnari-ttf fonts-tlwg-laksaman
fonts-tlwg-laksaman-ttf fonts-tlwg-loma fonts-tlwg-loma-ttf
fonts-tlwg-mono fonts-tlwg-mono-ttf fonts-tlwg-norasi
fonts-tlwg-norasi-ttf fonts-tlwg-purisa fonts-tlwg-purisa-ttf
fonts-tlwg-sawasdee fonts-tlwg-sawasdee-ttf fonts-tlwg-typewriter
fonts-tlwg-typewriter-ttf fonts-tlwg-typist fonts-tlwg-typist-ttf
fonts-tlwg-typo fonts-tlwg-typo-ttf fonts-tlwg-umpush
fonts-tlwg-umpush-ttf fonts-tlwg-waree fonts-tlwg-waree-ttf
foomatic-db-compressed-ppds friendly-recovery ftp fuse fwupd fwupdate
fwupdate-signed gcc gcc-5 gcc-5-base gcc-6-base gconf-service
gconf-service-backend gconf2 gconf2-common gdb gdbserver gdisk
genisoimage geoip-database gettext gettext-base ghostscript
ghostscript-x gir1.2-glib-2.0 gir1.2-packagekitglib-1.0
glib-networking glib-networking-common glib-networking-services gnupg
gnupg-agent gnupg2 gpgv grep groff-base grub-common
grub-gfxpayload-lists grub-pc grub-pc-bin grub2-common
gsettings-desktop-schemas gsfonts gstreamer1.0-plugins-base
gstreamer1.0-plugins-good gstreamer1.0-pulseaudio gstreamer1.0-x gzip
hardening-includes hdparm hicolor-icon-theme hostname hplip
hplip-data humanity-icon-theme hunspell-en-us hyphen-en-us
i965-va-driver ieee-data ifupdown im-config imagemagick
imagemagick-6.q16 imagemagick-common indicator-application info init
init-system-helpers initramfs-tools initramfs-tools-bin
initramfs-tools-core initscripts inputattach insserv install-info
intltool-debian ippusbxd iproute2 iptables iputils-arping
iputils-ping iputils-tracepath irqbalance isc-dhcp-client
isc-dhcp-common iso-codes iw java-common javascript-common kbd
kerneloops-daemon keyboard-configuration klibc-utils kmod
krb5-locales language-pack-en language-pack-en-base
language-selector-common laptop-detect less libaa1 libaacs0
libabw-0.1-1v5 libaccounts-glib0 libaccounts-qt5-1
libaccountsservice0 libacl1 libaio1 libao-common libao4
libapparmor-perl libapparmor1 libappindicator1 libappindicator3-1
libappstream-glib8 libappstream3 libapt-inst2.0 libapt-pkg-perl
libapt-pkg5.0 libarchive-zip-perl libarchive13 libart-2.0-2 libasan2
libasn1-8-heimdal libasound2 libasound2-data libasound2-plugins
libaspell15 libasprintf-dev libasprintf0v5 libass5 libassuan0
libasyncns0 libatasmart4 libatk-bridge2.0-0 libatk1.0-0
libatk1.0-data libatm1 libatomic1 libatspi2.0-0 libattr1 libaudio2
libaudit-common libaudit1 libauthen-sasl-perl libavahi-client3
libavahi-common-data libavahi-common3 libavahi-core7 libavahi-glib1
libavc1394-0 libavfilter-ffmpeg5 libavformat-ffmpeg56
libavresample-ffmpeg2 libavutil-ffmpeg54 libbabeltrace-ctf1
libbabeltrace1 libbdplus0 libbind9-140 libblkid1 libbluetooth3
libbluray1 libbonobo2-0 libbonobo2-common libboost-date-time1.58.0
libboost-filesystem1.58.0 libboost-iostreams1.58.0
libboost-system1.58.0 libboost-thread1.58.0 libbs2b0 libbsd0
libbz2-1.0 libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev libcaca0
libcairo-gobject2 libcairo2 libcamel-1.2-54 libcanberra-pulse
libcanberra0 libcap-ng0 libcap2 libcap2-bin libcc1-0 libcdio13
libcdparanoia0 libcdr-0.1-1 libcgi-fast-perl libcgi-pm-perl
libcilkrts5 libclass-accessor-perl libclone-perl
libclucene-contribs1v5 libclucene-core1v5 libcmis-0.5-5v5
libcolamd2.9.1 libcolord2 libcolorhug2 libcomerr2 libcrack2 libcroco3
libcryptsetup4 libcups2 libcupscgi1 libcupsfilters1 libcupsimage2
libcupsmime1 libcupsppdc1 libcurl3 libcurl3-gnutls libdaemon0
libdata-alias-perl libdatrie1 libdb5.3 libdbus-1-3 libdbus-glib-1-2
libdbusmenu-glib4 libdbusmenu-gtk3-4 libdbusmenu-gtk4 libdbusmenu-qt2
libdbusmenu-qt5 libdc1394-22 libdconf1 libdebconfclient0
libdevmapper1.02.1 libdfu1 libdigest-hmac-perl libdjvulibre-text
libdjvulibre21 libdns-export162 libdns162 libdouble-conversion1v5
libdpkg-perl libdrm-amdgpu1 libdrm-intel1 libdrm-nouveau2
libdrm-radeon1 libdrm2 libdv4 libdvdnav4 libdvdread4 libe-book-0.1-1
libebackend-1.2-10 libebook-1.2-16 libebook-contacts-1.2-2
libedata-book-1.2-25 libedataserver-1.2-21 libedit2 libefivar0
libegl1-mesa libelf1 libemail-valid-perl libenchant1c2a
libencode-locale-perl libeot0 libepoxy0 libestr0 libetonyek-0.1-1
libevdev2 libexif12 libexiv2-14 libexpat1 libexporter-tiny-perl
libexttextcat-2.0-0 libexttextcat-data libfcgi-perl libfdisk1 libffi6
libfftw3-double3 libfftw3-single3 libfile-basedir-perl
libfile-copy-recursive-perl libfile-desktopentry-perl
libfile-fcntllock-perl libfile-listing-perl libfile-mimeinfo-perl
libflac8 libflite1 libfont-afm-perl libfontconfig1 libfontembed1
libfontenc1 libfreehand-0.1-1 libfreerdp-cache1.1
libfreerdp-client1.1 libfreerdp-codec1.1 libfreerdp-common1.1.0
libfreerdp-core1.1 libfreerdp-crypto1.1 libfreerdp-gdi1.1
libfreerdp-locale1.1 libfreerdp-plugins-standard
libfreerdp-primitives1.1 libfreerdp-utils1.1 libfreetype6 libfribidi0
libfuse2 libfwup0 libfwupd1 libgbm1 libgcab-1.0-0 libgcc-5-dev
libgcc1 libgconf-2-4 libgcrypt20 libgd3 libgdbm3 libgdk-pixbuf2.0-0
libgdk-pixbuf2.0-common libgeoip1 libgettextpo-dev libgettextpo0
libgif7 libgirepository-1.0-1 libgl1-mesa-dri libgl1-mesa-glx
libglapi-mesa libglew1.13 libglib2.0-0 libglib2.0-data libglu1-mesa
libgme0 libgmp10 libgnome-2-0 libgnome2-common libgnomevfs2-0
libgnomevfs2-common libgnutls-openssl27 libgnutls30 libgomp1
libgpg-error0 libgpgme11 libgphoto2-6 libgphoto2-l10n
libgphoto2-port12 libgpm2 libgpod-common libgpod4 libgraphite2-3
libgs9 libgs9-common libgssapi-krb5-2 libgssapi3-heimdal
libgstreamer-plugins-base1.0-0 libgstreamer-plugins-good1.0-0
libgstreamer1.0-0 libgtk-3-0 libgtk-3-bin libgtk-3-common libgtk2.0-0
libgtk2.0-bin libgtk2.0-common libgtkglext1 libgudev-1.0-0 libgusb2
libgutenprint2 libharfbuzz-icu0 libharfbuzz0b libhcrypto4-heimdal
libheimbase1-heimdal libheimntlm0-heimdal libhogweed4 libhpmud0
libhsqldb1.8.0-java libhtml-form-perl libhtml-format-perl
libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl
libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl
libhttp-message-perl libhttp-negotiate-perl libhunspell-1.3-0
libhx509-5-heimdal libhyphen0 libibus-1.0-5 libical1a libice6
libicu55 libidn11 libiec61883-0 libieee1284-3 libijs-0.35
libilmbase12 libimobiledevice6 libindicator3-7 libindicator7
libinput10 libio-html-perl libio-pty-perl libio-socket-inet6-perl
libio-socket-ssl-perl libio-string-perl libipc-run-perl
libipc-system-simple-perl libisc-export160 libisc160 libisccc140
libisccfg140 libisl15 libitm1 libiw30 libjack-jackd2-0 libjasper1
libjbig0 libjbig2dec0 libjpeg-turbo8 libjpeg8 libjs-jquery
libjs-underscore libjson-c2 libjson-glib-1.0-0
libjson-glib-1.0-common libk5crypto3 libkeyutils1 libklibc libkmod2
libkrb5-26-heimdal libkrb5-3 libkrb5support0 libksba8
liblangtag-common liblangtag1 liblcms2-2 liblcms2-utils libldap-2.4-2
libldb1 liblist-moreutils-perl libllvm3.8 liblocale-gettext-perl
liblouis-data liblouis9 liblouisutdml-bin liblouisutdml-data
liblouisutdml6 liblqr-1-0 libltdl7 liblwp-mediatypes-perl
liblwp-protocol-https-perl liblwres141 liblz4-1 liblzma5 liblzo2-2
libmagic1 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra
libmagickwand-6.q16-2 libmailtools-perl libmbim-glib4 libmbim-proxy
libmhash2 libmirclient9 libmircommon5 libmirprotobuf3 libmm-glib0
libmng2 libmnl0 libmodplug1 libmount1 libmpc3 libmpdec2 libmpfr4
libmpx0 libmspub-0.1-1 libmtdev1 libmtp-common libmtp-runtime libmtp9
libmwaw-0.3-3 libmysqlclient20 libmythes-1.2-0 libncurses5
libncursesw5 libndp0 libneon27-gnutls libnet-dbus-perl
libnet-dns-perl libnet-domain-tld-perl libnet-http-perl
libnet-ip-perl libnet-libidn-perl libnet-smtp-ssl-perl
libnet-ssleay-perl libnetfilter-conntrack3 libnetpbm10 libnettle6
libnewt0.52 libnfnetlink0 libnih1 libnl-3-200 libnl-genl-3-200
libnl-route-3-200 libnm-glib4 libnm-util2 libnm0 libnotify4 libnpth0
libnspr4 libnss-mdns libnss3 libnss3-nssdb libnuma1 libodfgen-0.1-1
libogg0 libopenal-data libopenal1 libopencv-core2.4v5
libopencv-highgui2.4v5 libopencv-imgproc2.4v5 libopenexr22 libopus0
liborbit-2-0 liborc-0.4-0 liborcus-0.10-0v5 libp11-kit0
libpackagekit-glib2-16 libpagemaker-0.0-0 libpam-modules
libpam-modules-bin libpam-runtime libpam-systemd libpam0g
libpango-1.0-0 libpango1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0
libpangox-1.0-0 libpangoxft-1.0-0 libpaper-utils libpaper1
libparse-debianchangelog-perl libparted-fs-resize0 libparted2
libpcap0.8 libpci3 libpciaccess0 libpcre16-3 libpcre3 libpcsclite1
libperl5.22 libperlio-gzip-perl libpipeline1 libpixman-1-0 libplist3
libplymouth4 libpng12-0 libpolkit-agent-1-0 libpolkit-backend-1-0
libpolkit-gobject-1-0 libpoppler58 libpopt0 libpostproc-ffmpeg53
libprocps4 libprotobuf-lite9v5 libproxy1v5 libpulse-mainloop-glib0
libpulse0 libpulsedsp libpwquality-common libpwquality1
libpython-stdlib libpython2.7 libpython2.7-minimal
libpython2.7-stdlib libpython3-stdlib libpython3.5
libpython3.5-minimal libpython3.5-stdlib libqmi-glib1 libqmi-proxy
libqpdf17 libqt4-dbus libqt4-declarative libqt4-designer libqt4-help
libqt4-network libqt4-opengl libqt4-script libqt4-scripttools
libqt4-sql libqt4-sql-sqlite libqt4-svg libqt4-test libqt4-xml
libqt4-xmlpatterns libqt5core5a libqt5dbus5 libqt5gui5
libqt5multimedia5 libqt5network5 libqt5opengl5 libqt5printsupport5
libqt5qml5 libqt5quick5 libqt5quickwidgets5 libqt5script5 libqt5sql5
libqt5sql5-sqlite libqt5svg5 libqt5test5 libqt5webkit5 libqt5widgets5
libqt5xml5 libqtassistantclient4 libqtcore4 libqtdbus4 libqtgui4
libqtwebkit4 libquadmath0 libraptor2-0 librasqal3 libraw1394-11
libraw15 librdf0 libreadline6 libreoffice-avmedia-backend-gstreamer
libreoffice-base libreoffice-base-core libreoffice-base-drivers
libreoffice-calc libreoffice-common libreoffice-core libreoffice-draw
libreoffice-help-en-us libreoffice-impress libreoffice-java-common
libreoffice-math libreoffice-pdfimport libreoffice-sdbc-firebird
libreoffice-sdbc-hsqldb libreoffice-style-breeze
libreoffice-style-galaxy libreoffice-style-tango libreoffice-writer
librest-0.7-0 librevenge-0.0-0 libroken18-heimdal librsvg2-2
librsvg2-common librtmp1 libruby2.3 libsamplerate0 libsane
libsane-common libsane-hpaio libsasl2-2 libsasl2-modules
libsasl2-modules-db libsbc1 libseccomp2 libsecret-1-0
libsecret-common libselinux1 libsemanage-common libsemanage1
libsensors4 libsepol1 libservlet3.1-java libsgutils2-2 libshout3
libsignon-extension1 libsignon-glib1 libsignon-plugins-common1
libsignon-qt5-1 libslang2 libsm6 libsmartcols1 libsmbclient
libsnappy1v5 libsndfile1 libsnmp-base libsnmp30 libsocket6-perl
libsodium18 libsoup-gnome2.4-1 libsoup2.4-1 libsoxr0 libspectre1
libspeex1 libspeexdsp1 libsqlite3-0 libss2 libssh-4 libssh-gcrypt-4
libssl1.0.0 libstartup-notification0 libstdc++6 libsub-name-perl
libsuitesparseconfig4.4.6 libswresample-ffmpeg1 libswscale-ffmpeg3
libsystemd0 libtag1v5 libtag1v5-vanilla libtalloc2 libtasn1-6 libtbb2
libtcl8.6 libtdb1 libtelepathy-glib0 libtevent0
libtext-charwidth-perl libtext-iconv-perl libtext-levenshtein-perl
libtext-wrapi18n-perl libthai-data libthai0 libtheora0
libtie-ixhash-perl libtiff5 libtimedate-perl libtinfo5 libtk8.6
libtxc-dxtn-s2tc0 libubsan0 libudev1 libudisks2-0 libunistring0
libupower-glib3 liburi-perl libusb-0.1-4 libusb-1.0-0 libusbmuxd4
libustr-1.0-1 libutempter0 libuuid1 libv4l-0 libv4lconvert0 libva1
libvdpau1 libvisio-0.1-1 libvisual-0.4-0 libvncclient1 libvorbis0a
libvorbisenc2 libvorbisfile3 libvpx3 libwacom-bin libwacom-common
libwacom2 libwavpack1 libwayland-client0 libwayland-cursor0
libwayland-egl1-mesa libwayland-server0 libwbclient0 libwebp5
libwebpmux1 libwebrtc-audio-processing-0 libwhoopsie-preferences0
libwhoopsie0 libwind0-heimdal libwinpr-crt0.1 libwinpr-dsparse0.1
libwinpr-environment0.1 libwinpr-file0.1 libwinpr-handle0.1
libwinpr-heap0.1 libwinpr-input0.1 libwinpr-interlocked0.1
libwinpr-library0.1 libwinpr-path0.1 libwinpr-pool0.1
libwinpr-registry0.1 libwinpr-rpc0.1 libwinpr-sspi0.1
libwinpr-synch0.1 libwinpr-sysinfo0.1 libwinpr-thread0.1
libwinpr-utils0.1 libwmf0.2-7 libwpd-0.10-10 libwpg-0.3-3
libwps-0.4-4 libwrap0 libwww-perl libwww-robotrules-perl libx11-6
libx11-data libx11-protocol-perl libx11-xcb1 libx86-1 libxapian22v5
libxatracker2 libxau6 libxaw7 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0
libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-present0
libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0
libxcb-shm0 libxcb-sync1 libxcb-util1 libxcb-xfixes0 libxcb-xkb1
libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 libxext6
libxfixes3 libxfont1 libxft2 libxi6 libxinerama1 libxkbcommon-x11-0
libxkbcommon0 libxkbfile1 libxml-parser-perl libxml-twig-perl
libxml-xpathengine-perl libxml2 libxml2-utils libxmu6 libxmuu1
libxpm4 libxrandr2 libxrender1 libxshmfence1 libxslt1.1 libxss1
libxt6 libxtables11 libxtst6 libxv1 libxvmc1 libxxf86dga1 libxxf86vm1
libyajl2 libyaml-0-2 libyaml-libyaml-perl libzmq5 lintian linux-base
linux-firmware linux-generic linux-headers-4.4.0-21
linux-headers-4.4.0-21-generic linux-headers-generic
linux-image-4.4.0-21-generic linux-image-extra-4.4.0-21-generic
linux-image-generic linux-libc-dev linux-sound-base locales login
logrotate lp-solve lsb-base lsb-release lshw lsof ltrace make makedev
man-db manpages manpages-dev mawk media-player-info memtest86+
mesa-vdpau-drivers mime-support mlocate
mobile-broadband-provider-info modemmanager mount mscompress mtr-tiny
multiarch-support mysql-client-core-5.7 mysql-common
mysql-server-core-5.7 mythes-en-us nano ncurses-base ncurses-bin
net-tools netbase netcat-openbsd netpbm network-manager
network-manager-pptp ntfs-3g openjdk-8-jre openjdk-8-jre-headless
openoffice.org-hyphenation openprinting-ppds openssh-client openssl
os-prober parted passwd patch patchutils pciutils pcmciautils perl
perl-base perl-modules-5.22 plymouth plymouth-label
plymouth-theme-ubuntu-text pm-utils policykit-1
policykit-desktop-privileges poppler-data poppler-utils
popularity-contest powermgmt-base ppp pptp-linux
printer-driver-brlaser printer-driver-c2esp printer-driver-foo2zjs
printer-driver-foo2zjs-common printer-driver-gutenprint
printer-driver-hpcups printer-driver-min12xxw printer-driver-pnm2ppa
printer-driver-postscript-hp printer-driver-ptouch
printer-driver-pxljr printer-driver-sag-gdi printer-driver-splix
procps psmisc pulseaudio pulseaudio-module-bluetooth
pulseaudio-module-x11 pulseaudio-utils python python-apt-common
python-dbus python-minimal python-qt4-dbus python-talloc python2.7
python2.7-minimal python3 python3-apport python3-apt
python3-aptdaemon python3-aptdaemon.pkcompat python3-chardet
python3-commandnotfound python3-cups python3-cupshelpers python3-dbus
python3-debian python3-defer python3-distupgrade python3-gdbm
python3-gi python3-minimal python3-pexpect python3-pil
python3-pkg-resources python3-problem-report python3-ptyprocess
python3-pycurl python3-renderpm python3-reportlab
python3-reportlab-accel python3-requests python3-six
python3-software-properties python3-systemd python3-uno
python3-update-manager python3-urllib3 python3-xkit python3.5
python3.5-minimal qdbus qml-module-qt-labs-folderlistmodel
qml-module-qt-labs-settings qml-module-qtgraphicaleffects
qml-module-qtquick-layouts qml-module-qtquick-window2
qml-module-qtquick2 qpdf qt-at-spi qtchooser qtcore4-l10n
qttranslations5-l10n rake readline-common rename resolvconf rfkill
rsync rsyslog rtkit ruby ruby-did-you-mean ruby-minitest
ruby-net-telnet ruby-power-assert ruby-test-unit ruby2.3
rubygems-integration samba-libs sane-utils sbsigntool secureboot-db
sed sensible-utils session-migration sgml-base shared-mime-info
signon-plugin-oauth2 signon-plugin-password signon-ui
signon-ui-service signon-ui-x11 signond snapd sni-qt
software-properties-common sound-theme-freedesktop squashfs-tools
ssl-cert strace sudo system-config-printer-udev systemd systemd-sysv
sysv-rc sysvinit-utils t1utils tar tcl tcl8.6 tcpd tcpdump telnet
thermald time tk tk8.6 toshset ttf-ancient-fonts-symbola
ttf-ubuntu-font-family tzdata ubuntu-core-launcher
ubuntu-drivers-common ubuntu-keyring ubuntu-minimal ubuntu-mono
ubuntu-release-upgrader-core ubuntu-standard ucf udev udisks2 ufw
unattended-upgrades uno-libs3 unzip update-inetd update-manager-core
update-notifier-common upower ure ureadahead usb-modeswitch
usb-modeswitch-data usbmuxd usbutils util-linux uuid-runtime
va-driver-all vbetool vdpau-driver-all vdpau-va-driver vim-common
vim-tiny wamerican wbritish wget whiptail whoopsie
whoopsie-preferences wireless-regdb wireless-tools wpasupplicant
x11-apps x11-common x11-session-utils x11-utils x11-xkb-utils
x11-xserver-utils xauth xbitmaps xdg-user-dirs xdg-utils xfonts-base
xfonts-encodings xfonts-scalable xfonts-utils xinit xinput xkb-data
xml-core xorg xorg-docs-core xserver-common xserver-xorg
xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev
xserver-xorg-input-synaptics xserver-xorg-input-vmmouse
xserver-xorg-input-wacom xserver-xorg-video-all
xserver-xorg-video-amdgpu xserver-xorg-video-ati
xserver-xorg-video-fbdev xserver-xorg-video-intel
xserver-xorg-video-nouveau xserver-xorg-video-qxl
xserver-xorg-video-radeon xserver-xorg-video-vesa
xserver-xorg-video-vmware xul-ext-ubufox xz-utils zip zlib1g
- Pjotr
- Level 22
- Posts: 16168
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland)
- Contact:
Re: What does LTS really mean? The 5 years question.
Interesting article on heise.de, which is indeed a source of usually thoroughly (gründlich) researched articles. All the more relevant as it concerns the upcoming Linux Mint 18 as well.
I think the problem, and the solutions for it, could perhaps be divided into two separate categories:
1. shorter-than-five-years support period, but well maintained during that shorter period: selective use of PPA's or other third-party repo's to extend support. Perhaps coupled with more use of per-application virtualization with Firejail.
2. badly maintained irrespective of support period: the above, coupled with drawing attention to deficient support by the available official means, such as Launchpad.
So the questions are:
a. Which packages should we worry about most, i.e. which ones can be classified as high risk?
b. What are the remedies (best third-party repo's, best Firejail profiles) for those high risk packages?
c. In case of bad maintenance: which Launchpad threads should we support with our reactions?
The above is just my first idea about how to tackle this..... Imperfect, but maybe a starting point for solutions.
I think the problem, and the solutions for it, could perhaps be divided into two separate categories:
1. shorter-than-five-years support period, but well maintained during that shorter period: selective use of PPA's or other third-party repo's to extend support. Perhaps coupled with more use of per-application virtualization with Firejail.
2. badly maintained irrespective of support period: the above, coupled with drawing attention to deficient support by the available official means, such as Launchpad.
So the questions are:
a. Which packages should we worry about most, i.e. which ones can be classified as high risk?
b. What are the remedies (best third-party repo's, best Firejail profiles) for those high risk packages?
c. In case of bad maintenance: which Launchpad threads should we support with our reactions?
The above is just my first idea about how to tackle this..... Imperfect, but maybe a starting point for solutions.

Tip: 10 things to do after installing Linux Mint 20.1 Ulyssa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: What does LTS really mean? The 5 years question.
Partially. Example: Gimp has only 9 months of support (that means it ended for LM 17.x at the start of the last year). Except you would add the existing PPA for it. That means, that the old rule to avoid PPAs whenever possible, is at least questionable.Schultz wrote:I don't understand this thread. What's the problem (in layman terms please)? Are you saying that apps included with Mint's installation (Ubuntu version) don't have 5 years worth of security updates?
Example: This 2 years old vulnerability in vlc is not closed. For LM 13 the situation is even worse (no surprise), as you can read in this table.
Other example - in this case there is a program affected which belongs to the basic programs of the system: Synaptic. Support time is for this 3 years, that means, that this has ended for LM 13 already 1 year ago. For LM 17.x it would mean support for another 9 months, but in detail this is not even true, because Synaptic needs a dependent library, which gets only 9 months support; in other words: No support since the beginning of 2015 short after the release of LM 17.1.
Re: What does LTS really mean? The 5 years question.
If we use Synaptic to install new programs can't we update/upgrade those through Synaptic itself, thereby bypassing the OS (software updater) ?
- Pjotr
- Level 22
- Posts: 16168
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland)
- Contact:
Re: What does LTS really mean? The 5 years question.
Yes and no: "jein" auf deutsch...Cosmo. wrote:the old rule to avoid PPAs whenever possible, is at least questionable.
It depends. For example: I don't think that Synaptic qualifies as high risk, nor do I think that it's likely to become high risk in the future. On the other hand, I think that VLC certainly is high risk.
That means that it would probably be OK to do nothing special for Synaptic. But for VLC a third-party repo (PPA?) would seem advisable. The question is then: which third-party repo is best / most reliable?
So I think that the second part of that old rule makes it still valid: "avoid PPA's whenever possible".
Tip: 10 things to do after installing Linux Mint 20.1 Ulyssa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: What does LTS really mean? The 5 years question.
Mh, Synaptic is a frontend for the package-management and the package-management is part of the core of the OS. If you mean "high risk" in the sense of number of known vulnerabilities, you are right, but I merely interpret the level of risk as a question, how deep a program digs into the system. Obvious: You get asked for your password, if you launch synaptic, but not for vlc.Pjotr wrote:I don't think that Synaptic qualifies as high risk, nor do I think that it's likely to become high risk in the future.
(I will later add something more to your previous post, especially question a. But I am a little bit short of time at the moment, so that has to wait.)
- Pjotr
- Level 22
- Posts: 16168
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland)
- Contact:
Re: What does LTS really mean? The 5 years question.
Well, let's look at another example. Linux Mint doesn't update the Linux kernel by default, even when there are security updates available for the kernel.... I think that's acceptable, because the chance is very small that a desktop user (not a server user) will ever become the victim of an exploited kernel weakness.Cosmo. wrote:If you mean "high risk" in the sense of number of known vulnerabilities, you are right, but I merely interpret the level of risk as a question, how deep a program digs into the system.
In this respect, I think Synaptic and the kernel are the same. Both belong to the core of the operating system, but both are very unlikely to become a risk in real life.
Furthermore, for security it doesn't matter if an application is system core (password required) or ordinary (no password): once root access (permission escalation) has been acquired by means of an exploit of an ordinary application, there's no difference in consequences.
One could even say that ordinary applications are an even bigger risk, exactly because they don't need a password for running them....
Tip: 10 things to do after installing Linux Mint 20.1 Ulyssa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: What does LTS really mean? The 5 years question.
Synaptic installs software and upgrades from the same software repositories as Software Manager and Update Manager and thus offers exactly the same upgrades as Update Manager and no more.Joss wrote:If we use Synaptic to install new programs can't we update/upgrade those through Synaptic itself, thereby bypassing the OS (software updater) ?

- killer de bug
- Level 14
- Posts: 5398
- Joined: Tue Jul 08, 2008 1:49 pm
- Location: Leuven, Belgium
Re: What does LTS really mean? The 5 years question.
This possibility was removed by the team. A bug in Synaptic way of updating/upgrading resulted in broken systems.Joss wrote:If we use Synaptic to install new programs can't we update/upgrade those through Synaptic itself, thereby bypassing the OS (software updater) ?
You should update with the Update Manager, this is safer.
If it ain't broke, fix it until it is.
- killer de bug
- Level 14
- Posts: 5398
- Joined: Tue Jul 08, 2008 1:49 pm
- Location: Leuven, Belgium
Re: What does LTS really mean? The 5 years question.
Pjotr wrote:On the other hand, I think that VLC certainly is high risk.

Why?
If it ain't broke, fix it until it is.
- Pjotr
- Level 22
- Posts: 16168
- Joined: Mon Mar 07, 2011 10:18 am
- Location: The Netherlands (Holland)
- Contact:
Re: What does LTS really mean? The 5 years question.
Multimedia is widespread on the web, and VLC is also widely used on Windows. That probably makes it an attractive target.killer de bug wrote:Pjotr wrote:On the other hand, I think that VLC certainly is high risk.![]()
Why?
Tip: 10 things to do after installing Linux Mint 20.1 Ulyssa
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Keep your Linux Mint healthy: Avoid these 10 fatal mistakes
Twitter: twitter.com/easylinuxtips
All in all, horse sense simply makes sense.
Re: What does LTS really mean? The 5 years question.
So how do you get from 'thinkable' to 'certainly high risk'?

If your issue is solved, kindly indicate that by editing the first post in the topic, and adding [SOLVED] to the title. Thanks!
- killer de bug
- Level 14
- Posts: 5398
- Joined: Tue Jul 08, 2008 1:49 pm
- Location: Leuven, Belgium
Re: What does LTS really mean? The 5 years question.
In this case, the vulnerability is about an FLV file being read by VLC.Pjotr wrote: Multimedia is widespread on the web, and VLC is also widely used on Windows. That probably makes it an attractive target.
Which means that you have to first download the file and then read it with VLC. For me this doesn't qualify as high risk. First because it's a FLV file, then because you have to download it, and then read it specifically with VLC.
If it ain't broke, fix it until it is.
Re: What does LTS really mean? The 5 years question.
I don't consider LTS releases to be a security issue. Mostly what it means is that get security updates but otherwise you won't get the newest versions of software.
Actually for Ubuntu 14.04 I don't consider the LTS part to mean as much as it should for stability. It may be an LTS release but they didn't use an LTS kernel release. This means that Canonical has to do all that backporting that the kernel maintainers would do with an LTS kernel. This is actually why I switched to Mint.
Actually for Ubuntu 14.04 I don't consider the LTS part to mean as much as it should for stability. It may be an LTS release but they didn't use an LTS kernel release. This means that Canonical has to do all that backporting that the kernel maintainers would do with an LTS kernel. This is actually why I switched to Mint.
Re: What does LTS really mean? The 5 years question.
I disagree. I would agree, if you would have said privacy instead of security. Point is, that a - assumed - misused "ordinary application" cannot change something in the system, but a password protected "core application" can - by design. So let as - hypothetically - assume, there would be a leak in synaptic, which allows a remote attacker to execute arbitrary code (see the description of the open vlc-leak, the consequences would be really drastic. For LM 13 nobody cares since 1 year about this, for LM 17.x the same will be true in 1 year from now on. BTW, this risk is even greater for Gdebi (also in universe), as it is designed to execute arbitrary DEB-files.Pjotr wrote:Furthermore, for security it doesn't matter if an application is system core (password required) or ordinary (no password): once root access (permission escalation) has been acquired by means of an exploit of an ordinary application, there's no difference in consequences.