What does LTS really mean? The 5 years question.

[Cosmo.]

Let me start with a note about a problem: There is no known English source for the problem. Sorry about it. But the fact that I can only provide a link to a German article does not reduce the problem, that I got aware today.

The rather well evaluated German web-site heise.de (most likely the best in German language) published today an article about Ubuntu LTS: Long time support is only available for the most important (translated title). Link

Short summary: Only the packages from the main repository, but not for universe, get 5 years support. That means, that many security holes do not or only by chance get closed. The article mentions, that this is e.g. different to Debian. Packages of universe get at best 3 years support, often only 9 months!.

There is a pre-installed terminal command ubuntu-support-status (in Mint you can install, but it does not work), which shows you, how long the packages get supported. I did an install of Ubuntu 16.04 and added nothing except the language packs, which were missing after installation and synaptic. Result: I have already with this very basic system (Ubuntu misses several things, that we are used to find in a fresh Mint installation) already 8 packages with 3 years support and 4 packages with 9 months support, 2 not supported at all (no ppa added)!

The article comes to the conclusion, that the fact, that Ubuntu desktops are not so often attacked, is only to explain with the comparably small number of installations. This does not sound good. And I wonder, why Ubuntu does not give full support as advertised, as Debian does. (I cannot judge, if is this is really true for Debian, I have to rely to the article, which says so in the very last sentence.)

I wonder, if I should switch to LMDE2. Not sure about it yet, but worth to think about it.

[xenopeek]

I wrote a topic Comparing package bases: Ubuntu vs Debian about this last year, where I cover the support policies of Ubuntu and Debian. The topic might give you some more thoughts for choosing the Debian package base.

I didn't know about ubuntu-support-status, interesting.

[Cosmo.]

Thank you for pointing to your old (but still current) article. It will definitely take some time to think about the situation and to make a decision, what to do. Analyzing the situation in a Mint main edition is a problem, because of the not functioning ubuntu-support-status command.

[Schultz]

I don't understand this thread. What's the problem (in layman terms please)? Are you saying that apps included with Mint's installation (Ubuntu version) don't have 5 years worth of security updates?

[Pierre]

technically - NO - they don't

it's usually only the 'core' parts of the system, that get updates,
for that period of time.

in that other, non-core parts - are gradually dropped off.
eg: like medibuntu was dropped, in that Ubuntu version.

but - things like FF & LOo are part of the 'core' and as such ,
generally are updated, right until the end of the cycle.

[Mr.October]

When I use the command in my freshly installed Kubuntu 16.04 I get this:

Code: Select all

jan@Kubuntu1604:~$ ubuntu-support-status --show-all
Support status summary of 'Kubuntu1604':

You have 27 packages (1.3%) supported until januari 2017 (9m)
You have 677 packages (33.7%) supported until april 2019 (3y)
You have 1296 packages (64.6%) supported until april 2021 (5y)

You have 0 packages (0.0%) that can not/no-longer be downloaded
You have 7 packages (0.3%) that are unsupported

No longer downloadable:


Unsupported: 
flashplugin-installer google-chrome-stable gstreamer1.0-plugins-ugly 
gstreamer1.0-plugins-ugly-amr kubuntu-restricted-addons libsidplay1v5 
oxideqt-codecs-extra 

Supported until januari 2017 (9m):
freepats gstreamer1.0-plugins-bad gstreamer1.0-plugins-bad-faad 
gstreamer1.0-plugins-bad-videoparsers kuser libde265-0 
libgstreamer-plugins-bad1.0-0 liblsan0 libmimic0 libmpeg2encpp-2.1-0 
libmplex2-2.1-0 libofa0 libopencv-calib3d2.4v5 libopencv-contrib2.4v5 
libopencv-features2d2.4v5 libopencv-flann2.4v5 libopencv-legacy2.4v5 
libopencv-ml2.4v5 libopencv-objdetect2.4v5 libopencv-video2.4v5 
libsoundtouch1 libspandsp2 libsrtp0 libtsan0 libwildmidi-config 
libwildmidi1 libzbar0 

Supported until april 2019 (3y):
accountwizard akonadi-backend-mysql akonadi-server akregator amarok 
amarok-common amarok-utils apport-kde apturl-kde ark baloo-kf5 
baloo-utils bluedevil breeze breeze-cursor-theme breeze-icon-theme 
catdoc cdparanoia cdrdao debconf-kde-data discover discover-data 
docbook-xml docbook-xsl dolphin dragonplayer dvd+rw-tools 
fonts-dejavu fonts-noto fonts-noto-hinted fonts-noto-unhinted 
fonts-oxygen frameworkintegration freerdp-x11 gpgsm growisofs 
gstreamer-qapt gstreamer1.0-libav gstreamer1.0-nice 
gtk2-engines-oxygen gtk2-engines-pixbuf gtk3-engines-breeze gwenview 
ibus-qt4 icoutils k3b k3b-data k3b-i18n kaccounts-integration 
kaccounts-providers kactivities kaddressbook kamera kate kate-data 
kate5-data katepart kcalc kde-baseapps-bin kde-baseapps-data 
kde-cli-tools kde-cli-tools-data kde-config-gtk-style 
kde-config-gtk-style-preview kde-config-mailtransport 
kde-config-screenlocker kde-config-sddm kde-config-telepathy-accounts 
kde-config-whoopsie kde-l10n-engb kde-runtime kde-runtime-data 
kde-spectacle kde-style-breeze kde-style-breeze-qt4 
kde-style-oxygen-qt5 kde-style-qtcurve-qt4 kde-style-qtcurve-qt5 
kde-telepathy kde-telepathy-approver kde-telepathy-auth-handler 
kde-telepathy-contact-list kde-telepathy-data 
kde-telepathy-desktop-applets kde-telepathy-filetransfer-handler 
kde-telepathy-integration-module kde-telepathy-kaccounts 
kde-telepathy-kpeople kde-telepathy-minimal kde-telepathy-send-file 
kde-telepathy-text-ui kdeconnect kdeconnect-plasma kded5 
kdegraphics-strigi-analyzer kdelibs-bin kdelibs5-data 
kdelibs5-plugins kdemultimedia-kio-plugins kdenetwork-filesharing 
kdepim-doc kdepim-runtime kdepimlibs-data kdepimlibs-kio-plugins 
kdeplasma-addons-data kdesudo kdoctools kdoctools5 kgamma5 
khelpcenter khotkeys khotkeys-data kimageformat-plugins kinfocenter 
kinit kio kio-audiocd kio-extras kio-extras-data kio-mtp kmail 
kmenuedit knotes konsole konsole-kpart kontact konversation 
konversation-data korganizer kpackagelauncherqml kpackagetool5 krdc 
kross kscreen ksshaskpass ksysguard ksysguard-data ksysguardd 
ksystemlog ktexteditor-data ktexteditor-katepart ktnef ktorrent 
ktorrent-data kubuntu-driver-manager kubuntu-notification-helper 
kubuntu-settings-desktop kubuntu-web-shortcuts kwalletmanager 
kwayland-data kwayland-integration kwin kwin-addons kwin-common 
kwin-data kwin-style-breeze kwin-x11 kwrited language-pack-kde-en 
liba52-0.7.4 libakonadi-kde4 libakonadi-kmime4 
libakonadiprotocolinternals1 libappstreamqt1 libattica0.4 
libavahi-gobject0 libavcodec-ffmpeg56 libbaloocore4 libbaloofiles4 
libbalooxapian4 libchm1 libchromaprint0 libcln6 libcrystalhd3 libdca0 
libdebconf-kde1 libdiscover2 libdlrestrictions1 libdmtx0a 
libdolphinvcs5 libepub0 libfaad2 libfakekey0 libfam0 
libfarstream-0.2-5 libflac++6v5 libfluidsynth1 libfreerdp-rail1.1 
libgit2-24 libgps22 libgrantlee-templates5 libgrantlee-textdocument5 
libgsm1 libgssdp-1.0-3 libgupnp-1.0-4 libgupnp-igd-1.0-4 
libhttp-parser2.1 libibus-qt1 libiso9660-8 libk3b6 
libk3b6-extracodecs libkabc4 libkaccounts1 libkactivities6 libkate1 
libkatepartinterfaces4 libkcalcore4 libkcddb4 libkcmutils4 
libkcompactdisc4 libkde3support4 libkdeclarative5 
libkdecorations2-5v5 libkdecorations2private5v5 libkdecore5 libkdesu5 
libkdeui5 libkdewebkit5 libkdnssd4 libkemoticons4 libkexiv2-11v5 
libkexiv2-data libkf5activities5 libkf5activitiesexperimentalstats1 
libkf5akonadiagentbase5 libkf5akonadicalendar5 libkf5akonadicontact5 
libkf5akonadicore-bin libkf5akonadicore5 libkf5akonadimime5 
libkf5akonadinotes5 libkf5akonadiprivate5 libkf5akonadisearchdebug5 
libkf5akonadisearchpim5 libkf5akonadiwidgets5 libkf5alarmcalendar5 
libkf5archive5 libkf5attica5 libkf5auth-data libkf5auth5 libkf5baloo5 
libkf5balooengine5 libkf5baloowidgets-bin libkf5baloowidgets5 
libkf5bluezqt-data libkf5bluezqt6 libkf5bookmarks-data 
libkf5bookmarks5 libkf5calendarcore5 libkf5calendarevents5 
libkf5calendarsupport5 libkf5calendarutils5 libkf5codecs-data 
libkf5codecs5 libkf5completion-data libkf5completion5 
libkf5config-bin libkf5config-data libkf5configcore5 libkf5configgui5 
libkf5configwidgets-data libkf5configwidgets5 libkf5contacts-data 
libkf5contacts5 libkf5coreaddons-data libkf5coreaddons5 libkf5crash5 
libkf5dbusaddons-bin libkf5dbusaddons-data libkf5dbusaddons5 
libkf5declarative-data libkf5declarative5 libkf5dnssd-data 
libkf5dnssd5 libkf5emoticons-bin libkf5emoticons-data 
libkf5emoticons5 libkf5eventviews5 libkf5filemetadata-bin 
libkf5filemetadata-data libkf5filemetadata3 libkf5followupreminder5 
libkf5gapi-data libkf5gapicalendar5 libkf5gapicontacts5 
libkf5gapicore5 libkf5gapidrive5 libkf5gapitasks5 
libkf5globalaccel-bin libkf5globalaccel-data libkf5globalaccel5 
libkf5globalaccelprivate5 libkf5gpgmepp-pthread5 libkf5gpgmepp5 
libkf5gravatar5 libkf5guiaddons5 libkf5holidays-data libkf5holidays5 
libkf5i18n-data libkf5i18n5 libkf5iconthemes-bin 
libkf5iconthemes-data libkf5iconthemes5 libkf5identitymanagement5 
libkf5idletime5 libkf5imap5 libkf5incidenceeditorsng5 
libkf5itemmodels5 libkf5itemviews-data libkf5itemviews5 
libkf5jobwidgets-data libkf5jobwidgets5 libkf5js5 libkf5jsembed-data 
libkf5jsembed5 libkf5kcmutils-data libkf5kcmutils5 libkf5kdcraw5 
libkf5kdelibs4support-data libkf5kdelibs4support5 
libkf5kdelibs4support5-bin libkf5kdepimdbusinterfaces5 
libkf5kdgantt2-5 libkf5khtml-bin libkf5khtml-data libkf5khtml5 
libkf5kiocore5 libkf5kiofilewidgets5 libkf5kiontlm5 libkf5kiowidgets5 
libkf5kipi-data libkf5kipi30.0.0 libkf5kmanagesieve5 
libkf5kontactinterface-data libkf5kontactinterface5 libkf5krosscore5 
libkf5krossui5 libkf5ksieve5 libkf5ksieveui5 libkf5ldap5 
libkf5libkdepim5 libkf5libkleo5 libkf5mailcommon5 libkf5mailimporter5 
libkf5mailtransport-data libkf5mailtransport5 libkf5mbox5 
libkf5messagecomposer5 libkf5messagecore5 libkf5messagelist5 
libkf5messageviewer5 libkf5mime5 libkf5modemmanagerqt6 
libkf5networkmanagerqt6 libkf5newstuff-data libkf5newstuff5 
libkf5noteshared5 libkf5notifications-data libkf5notifications5 
libkf5notifyconfig-data libkf5notifyconfig5 libkf5package-data 
libkf5package5 libkf5parts-data libkf5parts-plugins libkf5parts5 
libkf5people-data libkf5people5 libkf5peoplebackend5 
libkf5peoplewidgets5 libkf5pimcommon5 libkf5pimtextedit5 
libkf5plasma5 libkf5plasmaquick5 libkf5prison1 libkf5pty-data 
libkf5pty5 libkf5qgpgme5 libkf5quickaddons5 libkf5runner5 
libkf5screen-bin libkf5screen6 libkf5sendlater5 libkf5service-bin 
libkf5service-data libkf5service5 libkf5solid5 libkf5solid5-data 
libkf5sonnet5-data libkf5sonnetcore5 libkf5sonnetui5 libkf5style5 
libkf5su-bin libkf5su-data libkf5su5 libkf5syndication5 
libkf5sysguard-bin libkf5sysguard-data libkf5templateparser5 
libkf5texteditor5 libkf5texteditor5-libjs-underscore 
libkf5textwidgets-data libkf5textwidgets5 libkf5threadweaver5 
libkf5tnef5 libkf5unitconversion-data libkf5unitconversion5 
libkf5wallet-bin libkf5wallet-data libkf5wallet5 libkf5waylandclient5 
libkf5waylandserver5 libkf5webkit5 libkf5widgetsaddons-data 
libkf5widgetsaddons5 libkf5windowsystem-data libkf5windowsystem5 
libkf5xmlgui-bin libkf5xmlgui-data libkf5xmlgui5 
libkf5xmlrpcclient-data libkf5xmlrpcclient5 libkfile4 
libkfilemetadata4 libkfontinst5 libkfontinstui5 libkhtml5 
libkidletime4 libkio5 libkjsapi4 libkjsembed4 libkldap4 
libkmediaplayer4 libkmime4 libknewstuff2-4 libknewstuff3-4 
libknotifyconfig4 libkntlm4 libkolab1 libkolabxml1v5 libkonq-common 
libkonq5-templates libkparts4 libkpimutils4 libkprintutils4 libkpty4 
libkresources4 libkrosscore4 libksane-data libksane0 
libkscreenlocker5 libksgrd7 libksignalplotter7 libktexteditor4 
libktorrent-l10n libktorrent5 libktpcommoninternals9 libktplogger9 
libktpmodels9 libktpotr9 libktpwidgets9 libkubuntu1 
libkwalletbackend5-5 libkwin4-effect-builtins1 libkwineffects7 
libkwinglutils7 libkwinxrenderutils7 libkworkspace5-5 
libkxmlrpcclient4 liblastfm1 liblmdb0 libloudmouth1-0 libmad0 
libmeanwhile1 libmission-control-plugins0 libmjpegutils-2.1-0 libmms0 
libmp3lame0 libmpcdec6 libmpeg2-4 libmpg123-0 libmusicbrainz5cc2v5 
libmygpo-qt1 libnice10 libntrack-qt4-1 libntrack0 libokularcore7 
libopenconnect5 libopencore-amrnb0 libopencore-amrwb0 libopenjpeg5 
libotr5 liboxygenstyle5-5 liboxygenstyleconfig5-5 libpackagekitqt5-0 
libpam-kwallet4 libpam-kwallet5 libperl4-corelibs-perl libphonon4 
libphonon4qt5-4 libplasma-geolocation-interface5 libplasma3 
libpolkit-qt-1-1 libpolkit-qt5-1-1 libpoppler-qt4-4 libpoppler-qt5-1 
libpowerdevilcore2 libpowerdevilui5 libprocesscore7 libprocessui7 
libpurple-bin libpurple0 libqalculate5-data libqalculate5v5 libqapt3 
libqapt3-runtime libqca-qt5-2 libqca-qt5-2-plugins libqca2 
libqca2-plugin-ossl libqca2-plugins libqgsttools-p1 libqimageblitz4 
libqjson0 libqmobipocket1 libqrencode3 libqt4-qt3support 
libqt4-sql-mysql libqt5clucene5 libqt5concurrent5 libqt5designer5 
libqt5designercomponents5 libqt5help5 libqt5multimedia5-plugins 
libqt5multimediaquick-p5 libqt5multimediawidgets5 
libqt5qml-graphicaleffects libqt5sql5-mysql libqt5waylandclient5 
libqt5x11extras5 libqt5xmlpatterns5 libqtcurve-utils2 
libqtscript4-core libqtscript4-gui libqtscript4-network 
libqtscript4-sql libqtscript4-uitools libqtscript4-xml 
libreoffice-kde libreoffice-style-oxygen libschroedinger-1.0-0 
libscim8v5 libshine3 libsolid4 libssh2-1 libstoken1 
libstreamanalyzer0v5 libstreams0v5 libsyndication4 libtag-extras1 
libtaskmanager5 libtelepathy-logger-qt5 libtelepathy-logger3 
libtelepathy-qt4-2 libtelepathy-qt5-0 libthreadweaver4 libtomcrypt0 
libtommath0 libtwolame0 libvcdinfo0 libvo-aacenc0 libvo-amrwbenc0 
libvoikko1 libweather-ion7 libx264-148 libx265-79 libxcb-composite0 
libxcb-cursor0 libxcb-damage0 libxcb-dpms0 libxcb-record0 
libxerces-c3.1 libxfreerdp-client1.1 libxvidcore4 libzephyr4 libzip4 
libzvbi-common libzvbi0 milou muon-notifier muon-updater 
ntrack-module-libnl-0 okular okular-extra-backends oxygen-icon-theme 
oxygen-sounds oxygen5-icon-theme p7zip-full partitionmanager phonon 
phonon-backend-gstreamer phonon-backend-gstreamer-common 
phonon4qt5-backend-gstreamer pidgin-data pinentry-qt 
plasma-dataengines-addons plasma-desktop plasma-desktop-data 
plasma-discover plasma-discover-common plasma-discover-private 
plasma-discover-updater plasma-framework 
plasma-look-and-feel-org-kde-breezedark-desktop plasma-nm plasma-pa 
plasma-runners-addons plasma-scriptengine-javascript 
plasma-wallpapers-addons plasma-widgets-addons plasma-workspace 
plymouth-theme-kubuntu-logo plymouth-theme-kubuntu-text 
polkit-kde-agent-1 powerdevil powerdevil-data print-manager 
python3-dbus.mainloop.pyqt5 python3-pykde4 python3-pyqt4 
python3-pyqt5 python3-sip qapt-batch qapt-deb-installer qdbus-qt5 
qml-module-org-kde-activities qml-module-org-kde-bluezqt 
qml-module-org-kde-draganddrop qml-module-org-kde-extensionplugin 
qml-module-org-kde-kcoreaddons qml-module-org-kde-kio 
qml-module-org-kde-kquickcontrols 
qml-module-org-kde-kquickcontrolsaddons 
qml-module-org-kde-kwindowsystem qml-module-org-kde-runnermodel 
qml-module-org-kde-solid qml-module-org-kde-telepathy 
qml-module-qtmultimedia qml-module-qtquick-controls 
qml-module-qtquick-controls-styles-breeze qml-module-qtquick-dialogs 
qml-module-qtquick-privatewidgets qml-module-qtquick-xmllistmodel 
qml-module-qtwebkit qt5-image-formats-plugins 
qtdeclarative5-xmllistmodel-plugin qttools5-dev-tools qtwayland5 sddm 
sddm-theme-breeze sgml-data signon-kwallet-extension skanlite socat 
software-properties-kde sonnet-plugins sshfs systemsettings 
telepathy-accounts-signon telepathy-gabble telepathy-haze 
telepathy-logger telepathy-mission-control-5 telepathy-salut 
user-manager vcdimager wodim 

Supported until april 2021 (5y):
accountsservice acl acpi-support acpid adduser adwaita-icon-theme 
alsa-base alsa-utils anacron apparmor apport apport-symptoms 
appstream apt apt-transport-https apt-utils aptdaemon apturl-common 
aspell aspell-en at-spi2-core avahi-autoipd avahi-daemon base-files 
base-passwd bash bash-completion bc bind9-host binutils bluez 
bluez-cups bluez-obexd bsdmainutils bsdutils busybox-initramfs 
busybox-static bzip2 ca-certificates ca-certificates-java 
chromium-codecs-ffmpeg-extra colord colord-data command-not-found 
command-not-found-data console-setup console-setup-linux coreutils 
cpio cpp cpp-5 cracklib-runtime crda cron cryptsetup cryptsetup-bin 
cups cups-browsed cups-bsd cups-client cups-common cups-core-drivers 
cups-daemon cups-filters cups-filters-core-drivers cups-ppdc 
cups-server-common dash dbus dbus-x11 dc dconf-gsettings-backend 
dconf-service debconf debconf-i18n debianutils default-jre 
default-jre-headless dh-python dictionaries-common diffstat diffutils 
dirmngr distro-info-data dmidecode dmsetup dns-root-data dnsmasq-base 
dnsutils dosfstools dpkg e2fslibs e2fsprogs ed efibootmgr eject 
emacsen-common enchant ethtool evolution-data-server-common file 
findutils firefox firefox-locale-en fontconfig fontconfig-config 
fonts-dejavu-core fonts-dejavu-extra fonts-freefont-ttf fonts-guru 
fonts-guru-extra fonts-kacst fonts-kacst-one fonts-khmeros-core 
fonts-lao fonts-lato fonts-liberation fonts-lklug-sinhala 
fonts-lohit-guru fonts-nanum fonts-noto-cjk fonts-noto-mono 
fonts-opensymbol fonts-sil-abyssinica fonts-sil-padauk fonts-stix 
fonts-symbola fonts-takao-pgothic fonts-thai-tlwg 
fonts-tibetan-machine fonts-tlwg-garuda fonts-tlwg-garuda-ttf 
fonts-tlwg-kinnari fonts-tlwg-kinnari-ttf fonts-tlwg-laksaman 
fonts-tlwg-laksaman-ttf fonts-tlwg-loma fonts-tlwg-loma-ttf 
fonts-tlwg-mono fonts-tlwg-mono-ttf fonts-tlwg-norasi 
fonts-tlwg-norasi-ttf fonts-tlwg-purisa fonts-tlwg-purisa-ttf 
fonts-tlwg-sawasdee fonts-tlwg-sawasdee-ttf fonts-tlwg-typewriter 
fonts-tlwg-typewriter-ttf fonts-tlwg-typist fonts-tlwg-typist-ttf 
fonts-tlwg-typo fonts-tlwg-typo-ttf fonts-tlwg-umpush 
fonts-tlwg-umpush-ttf fonts-tlwg-waree fonts-tlwg-waree-ttf 
foomatic-db-compressed-ppds friendly-recovery ftp fuse fwupd fwupdate 
fwupdate-signed gcc gcc-5 gcc-5-base gcc-6-base gconf-service 
gconf-service-backend gconf2 gconf2-common gdb gdbserver gdisk 
genisoimage geoip-database gettext gettext-base ghostscript 
ghostscript-x gir1.2-glib-2.0 gir1.2-packagekitglib-1.0 
glib-networking glib-networking-common glib-networking-services gnupg 
gnupg-agent gnupg2 gpgv grep groff-base grub-common 
grub-gfxpayload-lists grub-pc grub-pc-bin grub2-common 
gsettings-desktop-schemas gsfonts gstreamer1.0-plugins-base 
gstreamer1.0-plugins-good gstreamer1.0-pulseaudio gstreamer1.0-x gzip 
hardening-includes hdparm hicolor-icon-theme hostname hplip 
hplip-data humanity-icon-theme hunspell-en-us hyphen-en-us 
i965-va-driver ieee-data ifupdown im-config imagemagick 
imagemagick-6.q16 imagemagick-common indicator-application info init 
init-system-helpers initramfs-tools initramfs-tools-bin 
initramfs-tools-core initscripts inputattach insserv install-info 
intltool-debian ippusbxd iproute2 iptables iputils-arping 
iputils-ping iputils-tracepath irqbalance isc-dhcp-client 
isc-dhcp-common iso-codes iw java-common javascript-common kbd 
kerneloops-daemon keyboard-configuration klibc-utils kmod 
krb5-locales language-pack-en language-pack-en-base 
language-selector-common laptop-detect less libaa1 libaacs0 
libabw-0.1-1v5 libaccounts-glib0 libaccounts-qt5-1 
libaccountsservice0 libacl1 libaio1 libao-common libao4 
libapparmor-perl libapparmor1 libappindicator1 libappindicator3-1 
libappstream-glib8 libappstream3 libapt-inst2.0 libapt-pkg-perl 
libapt-pkg5.0 libarchive-zip-perl libarchive13 libart-2.0-2 libasan2 
libasn1-8-heimdal libasound2 libasound2-data libasound2-plugins 
libaspell15 libasprintf-dev libasprintf0v5 libass5 libassuan0 
libasyncns0 libatasmart4 libatk-bridge2.0-0 libatk1.0-0 
libatk1.0-data libatm1 libatomic1 libatspi2.0-0 libattr1 libaudio2 
libaudit-common libaudit1 libauthen-sasl-perl libavahi-client3 
libavahi-common-data libavahi-common3 libavahi-core7 libavahi-glib1 
libavc1394-0 libavfilter-ffmpeg5 libavformat-ffmpeg56 
libavresample-ffmpeg2 libavutil-ffmpeg54 libbabeltrace-ctf1 
libbabeltrace1 libbdplus0 libbind9-140 libblkid1 libbluetooth3 
libbluray1 libbonobo2-0 libbonobo2-common libboost-date-time1.58.0 
libboost-filesystem1.58.0 libboost-iostreams1.58.0 
libboost-system1.58.0 libboost-thread1.58.0 libbs2b0 libbsd0 
libbz2-1.0 libc-bin libc-dev-bin libc6 libc6-dbg libc6-dev libcaca0 
libcairo-gobject2 libcairo2 libcamel-1.2-54 libcanberra-pulse 
libcanberra0 libcap-ng0 libcap2 libcap2-bin libcc1-0 libcdio13 
libcdparanoia0 libcdr-0.1-1 libcgi-fast-perl libcgi-pm-perl 
libcilkrts5 libclass-accessor-perl libclone-perl 
libclucene-contribs1v5 libclucene-core1v5 libcmis-0.5-5v5 
libcolamd2.9.1 libcolord2 libcolorhug2 libcomerr2 libcrack2 libcroco3 
libcryptsetup4 libcups2 libcupscgi1 libcupsfilters1 libcupsimage2 
libcupsmime1 libcupsppdc1 libcurl3 libcurl3-gnutls libdaemon0 
libdata-alias-perl libdatrie1 libdb5.3 libdbus-1-3 libdbus-glib-1-2 
libdbusmenu-glib4 libdbusmenu-gtk3-4 libdbusmenu-gtk4 libdbusmenu-qt2 
libdbusmenu-qt5 libdc1394-22 libdconf1 libdebconfclient0 
libdevmapper1.02.1 libdfu1 libdigest-hmac-perl libdjvulibre-text 
libdjvulibre21 libdns-export162 libdns162 libdouble-conversion1v5 
libdpkg-perl libdrm-amdgpu1 libdrm-intel1 libdrm-nouveau2 
libdrm-radeon1 libdrm2 libdv4 libdvdnav4 libdvdread4 libe-book-0.1-1 
libebackend-1.2-10 libebook-1.2-16 libebook-contacts-1.2-2 
libedata-book-1.2-25 libedataserver-1.2-21 libedit2 libefivar0 
libegl1-mesa libelf1 libemail-valid-perl libenchant1c2a 
libencode-locale-perl libeot0 libepoxy0 libestr0 libetonyek-0.1-1 
libevdev2 libexif12 libexiv2-14 libexpat1 libexporter-tiny-perl 
libexttextcat-2.0-0 libexttextcat-data libfcgi-perl libfdisk1 libffi6 
libfftw3-double3 libfftw3-single3 libfile-basedir-perl 
libfile-copy-recursive-perl libfile-desktopentry-perl 
libfile-fcntllock-perl libfile-listing-perl libfile-mimeinfo-perl 
libflac8 libflite1 libfont-afm-perl libfontconfig1 libfontembed1 
libfontenc1 libfreehand-0.1-1 libfreerdp-cache1.1 
libfreerdp-client1.1 libfreerdp-codec1.1 libfreerdp-common1.1.0 
libfreerdp-core1.1 libfreerdp-crypto1.1 libfreerdp-gdi1.1 
libfreerdp-locale1.1 libfreerdp-plugins-standard 
libfreerdp-primitives1.1 libfreerdp-utils1.1 libfreetype6 libfribidi0 
libfuse2 libfwup0 libfwupd1 libgbm1 libgcab-1.0-0 libgcc-5-dev 
libgcc1 libgconf-2-4 libgcrypt20 libgd3 libgdbm3 libgdk-pixbuf2.0-0 
libgdk-pixbuf2.0-common libgeoip1 libgettextpo-dev libgettextpo0 
libgif7 libgirepository-1.0-1 libgl1-mesa-dri libgl1-mesa-glx 
libglapi-mesa libglew1.13 libglib2.0-0 libglib2.0-data libglu1-mesa 
libgme0 libgmp10 libgnome-2-0 libgnome2-common libgnomevfs2-0 
libgnomevfs2-common libgnutls-openssl27 libgnutls30 libgomp1 
libgpg-error0 libgpgme11 libgphoto2-6 libgphoto2-l10n 
libgphoto2-port12 libgpm2 libgpod-common libgpod4 libgraphite2-3 
libgs9 libgs9-common libgssapi-krb5-2 libgssapi3-heimdal 
libgstreamer-plugins-base1.0-0 libgstreamer-plugins-good1.0-0 
libgstreamer1.0-0 libgtk-3-0 libgtk-3-bin libgtk-3-common libgtk2.0-0 
libgtk2.0-bin libgtk2.0-common libgtkglext1 libgudev-1.0-0 libgusb2 
libgutenprint2 libharfbuzz-icu0 libharfbuzz0b libhcrypto4-heimdal 
libheimbase1-heimdal libheimntlm0-heimdal libhogweed4 libhpmud0 
libhsqldb1.8.0-java libhtml-form-perl libhtml-format-perl 
libhtml-parser-perl libhtml-tagset-perl libhtml-tree-perl 
libhttp-cookies-perl libhttp-daemon-perl libhttp-date-perl 
libhttp-message-perl libhttp-negotiate-perl libhunspell-1.3-0 
libhx509-5-heimdal libhyphen0 libibus-1.0-5 libical1a libice6 
libicu55 libidn11 libiec61883-0 libieee1284-3 libijs-0.35 
libilmbase12 libimobiledevice6 libindicator3-7 libindicator7 
libinput10 libio-html-perl libio-pty-perl libio-socket-inet6-perl 
libio-socket-ssl-perl libio-string-perl libipc-run-perl 
libipc-system-simple-perl libisc-export160 libisc160 libisccc140 
libisccfg140 libisl15 libitm1 libiw30 libjack-jackd2-0 libjasper1 
libjbig0 libjbig2dec0 libjpeg-turbo8 libjpeg8 libjs-jquery 
libjs-underscore libjson-c2 libjson-glib-1.0-0 
libjson-glib-1.0-common libk5crypto3 libkeyutils1 libklibc libkmod2 
libkrb5-26-heimdal libkrb5-3 libkrb5support0 libksba8 
liblangtag-common liblangtag1 liblcms2-2 liblcms2-utils libldap-2.4-2 
libldb1 liblist-moreutils-perl libllvm3.8 liblocale-gettext-perl 
liblouis-data liblouis9 liblouisutdml-bin liblouisutdml-data 
liblouisutdml6 liblqr-1-0 libltdl7 liblwp-mediatypes-perl 
liblwp-protocol-https-perl liblwres141 liblz4-1 liblzma5 liblzo2-2 
libmagic1 libmagickcore-6.q16-2 libmagickcore-6.q16-2-extra 
libmagickwand-6.q16-2 libmailtools-perl libmbim-glib4 libmbim-proxy 
libmhash2 libmirclient9 libmircommon5 libmirprotobuf3 libmm-glib0 
libmng2 libmnl0 libmodplug1 libmount1 libmpc3 libmpdec2 libmpfr4 
libmpx0 libmspub-0.1-1 libmtdev1 libmtp-common libmtp-runtime libmtp9 
libmwaw-0.3-3 libmysqlclient20 libmythes-1.2-0 libncurses5 
libncursesw5 libndp0 libneon27-gnutls libnet-dbus-perl 
libnet-dns-perl libnet-domain-tld-perl libnet-http-perl 
libnet-ip-perl libnet-libidn-perl libnet-smtp-ssl-perl 
libnet-ssleay-perl libnetfilter-conntrack3 libnetpbm10 libnettle6 
libnewt0.52 libnfnetlink0 libnih1 libnl-3-200 libnl-genl-3-200 
libnl-route-3-200 libnm-glib4 libnm-util2 libnm0 libnotify4 libnpth0 
libnspr4 libnss-mdns libnss3 libnss3-nssdb libnuma1 libodfgen-0.1-1 
libogg0 libopenal-data libopenal1 libopencv-core2.4v5 
libopencv-highgui2.4v5 libopencv-imgproc2.4v5 libopenexr22 libopus0 
liborbit-2-0 liborc-0.4-0 liborcus-0.10-0v5 libp11-kit0 
libpackagekit-glib2-16 libpagemaker-0.0-0 libpam-modules 
libpam-modules-bin libpam-runtime libpam-systemd libpam0g 
libpango-1.0-0 libpango1.0-0 libpangocairo-1.0-0 libpangoft2-1.0-0 
libpangox-1.0-0 libpangoxft-1.0-0 libpaper-utils libpaper1 
libparse-debianchangelog-perl libparted-fs-resize0 libparted2 
libpcap0.8 libpci3 libpciaccess0 libpcre16-3 libpcre3 libpcsclite1 
libperl5.22 libperlio-gzip-perl libpipeline1 libpixman-1-0 libplist3 
libplymouth4 libpng12-0 libpolkit-agent-1-0 libpolkit-backend-1-0 
libpolkit-gobject-1-0 libpoppler58 libpopt0 libpostproc-ffmpeg53 
libprocps4 libprotobuf-lite9v5 libproxy1v5 libpulse-mainloop-glib0 
libpulse0 libpulsedsp libpwquality-common libpwquality1 
libpython-stdlib libpython2.7 libpython2.7-minimal 
libpython2.7-stdlib libpython3-stdlib libpython3.5 
libpython3.5-minimal libpython3.5-stdlib libqmi-glib1 libqmi-proxy 
libqpdf17 libqt4-dbus libqt4-declarative libqt4-designer libqt4-help 
libqt4-network libqt4-opengl libqt4-script libqt4-scripttools 
libqt4-sql libqt4-sql-sqlite libqt4-svg libqt4-test libqt4-xml 
libqt4-xmlpatterns libqt5core5a libqt5dbus5 libqt5gui5 
libqt5multimedia5 libqt5network5 libqt5opengl5 libqt5printsupport5 
libqt5qml5 libqt5quick5 libqt5quickwidgets5 libqt5script5 libqt5sql5 
libqt5sql5-sqlite libqt5svg5 libqt5test5 libqt5webkit5 libqt5widgets5 
libqt5xml5 libqtassistantclient4 libqtcore4 libqtdbus4 libqtgui4 
libqtwebkit4 libquadmath0 libraptor2-0 librasqal3 libraw1394-11 
libraw15 librdf0 libreadline6 libreoffice-avmedia-backend-gstreamer 
libreoffice-base libreoffice-base-core libreoffice-base-drivers 
libreoffice-calc libreoffice-common libreoffice-core libreoffice-draw 
libreoffice-help-en-us libreoffice-impress libreoffice-java-common 
libreoffice-math libreoffice-pdfimport libreoffice-sdbc-firebird 
libreoffice-sdbc-hsqldb libreoffice-style-breeze 
libreoffice-style-galaxy libreoffice-style-tango libreoffice-writer 
librest-0.7-0 librevenge-0.0-0 libroken18-heimdal librsvg2-2 
librsvg2-common librtmp1 libruby2.3 libsamplerate0 libsane 
libsane-common libsane-hpaio libsasl2-2 libsasl2-modules 
libsasl2-modules-db libsbc1 libseccomp2 libsecret-1-0 
libsecret-common libselinux1 libsemanage-common libsemanage1 
libsensors4 libsepol1 libservlet3.1-java libsgutils2-2 libshout3 
libsignon-extension1 libsignon-glib1 libsignon-plugins-common1 
libsignon-qt5-1 libslang2 libsm6 libsmartcols1 libsmbclient 
libsnappy1v5 libsndfile1 libsnmp-base libsnmp30 libsocket6-perl 
libsodium18 libsoup-gnome2.4-1 libsoup2.4-1 libsoxr0 libspectre1 
libspeex1 libspeexdsp1 libsqlite3-0 libss2 libssh-4 libssh-gcrypt-4 
libssl1.0.0 libstartup-notification0 libstdc++6 libsub-name-perl 
libsuitesparseconfig4.4.6 libswresample-ffmpeg1 libswscale-ffmpeg3 
libsystemd0 libtag1v5 libtag1v5-vanilla libtalloc2 libtasn1-6 libtbb2 
libtcl8.6 libtdb1 libtelepathy-glib0 libtevent0 
libtext-charwidth-perl libtext-iconv-perl libtext-levenshtein-perl 
libtext-wrapi18n-perl libthai-data libthai0 libtheora0 
libtie-ixhash-perl libtiff5 libtimedate-perl libtinfo5 libtk8.6 
libtxc-dxtn-s2tc0 libubsan0 libudev1 libudisks2-0 libunistring0 
libupower-glib3 liburi-perl libusb-0.1-4 libusb-1.0-0 libusbmuxd4 
libustr-1.0-1 libutempter0 libuuid1 libv4l-0 libv4lconvert0 libva1 
libvdpau1 libvisio-0.1-1 libvisual-0.4-0 libvncclient1 libvorbis0a 
libvorbisenc2 libvorbisfile3 libvpx3 libwacom-bin libwacom-common 
libwacom2 libwavpack1 libwayland-client0 libwayland-cursor0 
libwayland-egl1-mesa libwayland-server0 libwbclient0 libwebp5 
libwebpmux1 libwebrtc-audio-processing-0 libwhoopsie-preferences0 
libwhoopsie0 libwind0-heimdal libwinpr-crt0.1 libwinpr-dsparse0.1 
libwinpr-environment0.1 libwinpr-file0.1 libwinpr-handle0.1 
libwinpr-heap0.1 libwinpr-input0.1 libwinpr-interlocked0.1 
libwinpr-library0.1 libwinpr-path0.1 libwinpr-pool0.1 
libwinpr-registry0.1 libwinpr-rpc0.1 libwinpr-sspi0.1 
libwinpr-synch0.1 libwinpr-sysinfo0.1 libwinpr-thread0.1 
libwinpr-utils0.1 libwmf0.2-7 libwpd-0.10-10 libwpg-0.3-3 
libwps-0.4-4 libwrap0 libwww-perl libwww-robotrules-perl libx11-6 
libx11-data libx11-protocol-perl libx11-xcb1 libx86-1 libxapian22v5 
libxatracker2 libxau6 libxaw7 libxcb-dri2-0 libxcb-dri3-0 libxcb-glx0 
libxcb-icccm4 libxcb-image0 libxcb-keysyms1 libxcb-present0 
libxcb-randr0 libxcb-render-util0 libxcb-render0 libxcb-shape0 
libxcb-shm0 libxcb-sync1 libxcb-util1 libxcb-xfixes0 libxcb-xkb1 
libxcb1 libxcomposite1 libxcursor1 libxdamage1 libxdmcp6 libxext6 
libxfixes3 libxfont1 libxft2 libxi6 libxinerama1 libxkbcommon-x11-0 
libxkbcommon0 libxkbfile1 libxml-parser-perl libxml-twig-perl 
libxml-xpathengine-perl libxml2 libxml2-utils libxmu6 libxmuu1 
libxpm4 libxrandr2 libxrender1 libxshmfence1 libxslt1.1 libxss1 
libxt6 libxtables11 libxtst6 libxv1 libxvmc1 libxxf86dga1 libxxf86vm1 
libyajl2 libyaml-0-2 libyaml-libyaml-perl libzmq5 lintian linux-base 
linux-firmware linux-generic linux-headers-4.4.0-21 
linux-headers-4.4.0-21-generic linux-headers-generic 
linux-image-4.4.0-21-generic linux-image-extra-4.4.0-21-generic 
linux-image-generic linux-libc-dev linux-sound-base locales login 
logrotate lp-solve lsb-base lsb-release lshw lsof ltrace make makedev 
man-db manpages manpages-dev mawk media-player-info memtest86+ 
mesa-vdpau-drivers mime-support mlocate 
mobile-broadband-provider-info modemmanager mount mscompress mtr-tiny 
multiarch-support mysql-client-core-5.7 mysql-common 
mysql-server-core-5.7 mythes-en-us nano ncurses-base ncurses-bin 
net-tools netbase netcat-openbsd netpbm network-manager 
network-manager-pptp ntfs-3g openjdk-8-jre openjdk-8-jre-headless 
openoffice.org-hyphenation openprinting-ppds openssh-client openssl 
os-prober parted passwd patch patchutils pciutils pcmciautils perl 
perl-base perl-modules-5.22 plymouth plymouth-label 
plymouth-theme-ubuntu-text pm-utils policykit-1 
policykit-desktop-privileges poppler-data poppler-utils 
popularity-contest powermgmt-base ppp pptp-linux 
printer-driver-brlaser printer-driver-c2esp printer-driver-foo2zjs 
printer-driver-foo2zjs-common printer-driver-gutenprint 
printer-driver-hpcups printer-driver-min12xxw printer-driver-pnm2ppa 
printer-driver-postscript-hp printer-driver-ptouch 
printer-driver-pxljr printer-driver-sag-gdi printer-driver-splix 
procps psmisc pulseaudio pulseaudio-module-bluetooth 
pulseaudio-module-x11 pulseaudio-utils python python-apt-common 
python-dbus python-minimal python-qt4-dbus python-talloc python2.7 
python2.7-minimal python3 python3-apport python3-apt 
python3-aptdaemon python3-aptdaemon.pkcompat python3-chardet 
python3-commandnotfound python3-cups python3-cupshelpers python3-dbus 
python3-debian python3-defer python3-distupgrade python3-gdbm 
python3-gi python3-minimal python3-pexpect python3-pil 
python3-pkg-resources python3-problem-report python3-ptyprocess 
python3-pycurl python3-renderpm python3-reportlab 
python3-reportlab-accel python3-requests python3-six 
python3-software-properties python3-systemd python3-uno 
python3-update-manager python3-urllib3 python3-xkit python3.5 
python3.5-minimal qdbus qml-module-qt-labs-folderlistmodel 
qml-module-qt-labs-settings qml-module-qtgraphicaleffects 
qml-module-qtquick-layouts qml-module-qtquick-window2 
qml-module-qtquick2 qpdf qt-at-spi qtchooser qtcore4-l10n 
qttranslations5-l10n rake readline-common rename resolvconf rfkill 
rsync rsyslog rtkit ruby ruby-did-you-mean ruby-minitest 
ruby-net-telnet ruby-power-assert ruby-test-unit ruby2.3 
rubygems-integration samba-libs sane-utils sbsigntool secureboot-db 
sed sensible-utils session-migration sgml-base shared-mime-info 
signon-plugin-oauth2 signon-plugin-password signon-ui 
signon-ui-service signon-ui-x11 signond snapd sni-qt 
software-properties-common sound-theme-freedesktop squashfs-tools 
ssl-cert strace sudo system-config-printer-udev systemd systemd-sysv 
sysv-rc sysvinit-utils t1utils tar tcl tcl8.6 tcpd tcpdump telnet 
thermald time tk tk8.6 toshset ttf-ancient-fonts-symbola 
ttf-ubuntu-font-family tzdata ubuntu-core-launcher 
ubuntu-drivers-common ubuntu-keyring ubuntu-minimal ubuntu-mono 
ubuntu-release-upgrader-core ubuntu-standard ucf udev udisks2 ufw 
unattended-upgrades uno-libs3 unzip update-inetd update-manager-core 
update-notifier-common upower ure ureadahead usb-modeswitch 
usb-modeswitch-data usbmuxd usbutils util-linux uuid-runtime 
va-driver-all vbetool vdpau-driver-all vdpau-va-driver vim-common 
vim-tiny wamerican wbritish wget whiptail whoopsie 
whoopsie-preferences wireless-regdb wireless-tools wpasupplicant 
x11-apps x11-common x11-session-utils x11-utils x11-xkb-utils 
x11-xserver-utils xauth xbitmaps xdg-user-dirs xdg-utils xfonts-base 
xfonts-encodings xfonts-scalable xfonts-utils xinit xinput xkb-data 
xml-core xorg xorg-docs-core xserver-common xserver-xorg 
xserver-xorg-core xserver-xorg-input-all xserver-xorg-input-evdev 
xserver-xorg-input-synaptics xserver-xorg-input-vmmouse 
xserver-xorg-input-wacom xserver-xorg-video-all 
xserver-xorg-video-amdgpu xserver-xorg-video-ati 
xserver-xorg-video-fbdev xserver-xorg-video-intel 
xserver-xorg-video-nouveau xserver-xorg-video-qxl 
xserver-xorg-video-radeon xserver-xorg-video-vesa 
xserver-xorg-video-vmware xul-ext-ubufox xz-utils zip zlib1g

A long list, I know, but it shows per package how long it is supported. At least that is what I think I read. What is strange is, almost at the top in the section unsupported, I also see Google-chrome-stable. This might not be supported by (K)ubuntu but will be by Google.

[Pjotr]

Interesting article on heise.de, which is indeed a source of usually thoroughly (gründlich) researched articles. All the more relevant as it concerns the upcoming Linux Mint 18 as well.

I think the problem, and the solutions for it, could perhaps be divided into two separate categories:

1. shorter-than-five-years support period, but well maintained during that shorter period: selective use of PPA's or other third-party repo's to extend support. Perhaps coupled with more use of per-application virtualization with Firejail.

2. badly maintained irrespective of support period: the above, coupled with drawing attention to deficient support by the available official means, such as Launchpad.

So the questions are:

a. Which packages should we worry about most, i.e. which ones can be classified as high risk?

b. What are the remedies (best third-party repo's, best Firejail profiles) for those high risk packages?

c. In case of bad maintenance: which Launchpad threads should we support with our reactions?

The above is just my first idea about how to tackle this..... Imperfect, but maybe a starting point for solutions.

[Cosmo.]

I don't understand this thread. What's the problem (in layman terms please)? Are you saying that apps included with Mint's installation (Ubuntu version) don't have 5 years worth of security updates?

Partially. Example: Gimp has only 9 months of support (that means it ended for LM 17.x at the start of the last year). Except you would add the existing PPA for it. That means, that the old rule to avoid PPAs whenever possible, is at least questionable.

Example: This 2 years old vulnerability in vlc is not closed. For LM 13 the situation is even worse (no surprise), as you can read in this table.

Other example - in this case there is a program affected which belongs to the basic programs of the system: Synaptic. Support time is for this 3 years, that means, that this has ended for LM 13 already 1 year ago. For LM 17.x it would mean support for another 9 months, but in detail this is not even true, because Synaptic needs a dependent library, which gets only 9 months support; in other words: No support since the beginning of 2015 short after the release of LM 17.1.

[Joss]

If we use Synaptic to install new programs can't we update/upgrade those through Synaptic itself, thereby bypassing the OS (software updater) ?

[Pjotr]

the old rule to avoid PPAs whenever possible, is at least questionable.

Yes and no: "jein" auf deutsch...

It depends. For example: I don't think that Synaptic qualifies as high risk, nor do I think that it's likely to become high risk in the future. On the other hand, I think that VLC certainly is high risk.

That means that it would probably be OK to do nothing special for Synaptic. But for VLC a third-party repo (PPA?) would seem advisable. The question is then: which third-party repo is best / most reliable?

So I think that the second part of that old rule makes it still valid: "avoid PPA's whenever possible".

[Cosmo.]

I don't think that Synaptic qualifies as high risk, nor do I think that it's likely to become high risk in the future.

Mh, Synaptic is a frontend for the package-management and the package-management is part of the core of the OS. If you mean "high risk" in the sense of number of known vulnerabilities, you are right, but I merely interpret the level of risk as a question, how deep a program digs into the system. Obvious: You get asked for your password, if you launch synaptic, but not for vlc.

(I will later add something more to your previous post, especially question a. But I am a little bit short of time at the moment, so that has to wait.)

[Pjotr]

If you mean "high risk" in the sense of number of known vulnerabilities, you are right, but I merely interpret the level of risk as a question, how deep a program digs into the system.

Well, let's look at another example. Linux Mint doesn't update the Linux kernel by default, even when there are security updates available for the kernel.... I think that's acceptable, because the chance is very small that a desktop user (not a server user) will ever become the victim of an exploited kernel weakness.

In this respect, I think Synaptic and the kernel are the same. Both belong to the core of the operating system, but both are very unlikely to become a risk in real life.

Furthermore, for security it doesn't matter if an application is system core (password required) or ordinary (no password): once root access (permission escalation) has been acquired by means of an exploit of an ordinary application, there's no difference in consequences.

One could even say that ordinary applications are an even bigger risk, exactly because they don't need a password for running them....

[xenopeek]

If we use Synaptic to install new programs can't we update/upgrade those through Synaptic itself, thereby bypassing the OS (software updater) ?

Synaptic installs software and upgrades from the same software repositories as Software Manager and Update Manager and thus offers exactly the same upgrades as Update Manager and no more.

[killer de bug]

If we use Synaptic to install new programs can't we update/upgrade those through Synaptic itself, thereby bypassing the OS (software updater) ?

This possibility was removed by the team. A bug in Synaptic way of updating/upgrading resulted in broken systems.

You should update with the Update Manager, this is safer.

[killer de bug]

On the other hand, I think that VLC certainly is high risk.

Why?

[Pjotr]

On the other hand, I think that VLC certainly is high risk.

Why?

Multimedia is widespread on the web, and VLC is also widely used on Windows. That probably makes it an attractive target.

[Moem]

So how do you get from 'thinkable' to 'certainly high risk'?

[killer de bug]

Multimedia is widespread on the web, and VLC is also widely used on Windows. That probably makes it an attractive target.

In this case, the vulnerability is about an FLV file being read by VLC.
Which means that you have to first download the file and then read it with VLC. For me this doesn't qualify as high risk. First because it's a FLV file, then because you have to download it, and then read it specifically with VLC.

[Hoser Rob]

I don't consider LTS releases to be a security issue. Mostly what it means is that get security updates but otherwise you won't get the newest versions of software.

Actually for Ubuntu 14.04 I don't consider the LTS part to mean as much as it should for stability. It may be an LTS release but they didn't use an LTS kernel release. This means that Canonical has to do all that backporting that the kernel maintainers would do with an LTS kernel. This is actually why I switched to Mint.

[Cosmo.]

Furthermore, for security it doesn't matter if an application is system core (password required) or ordinary (no password): once root access (permission escalation) has been acquired by means of an exploit of an ordinary application, there's no difference in consequences.

I disagree. I would agree, if you would have said privacy instead of security. Point is, that a - assumed - misused "ordinary application" cannot change something in the system, but a password protected "core application" can - by design. So let as - hypothetically - assume, there would be a leak in synaptic, which allows a remote attacker to execute arbitrary code (see the description of the open vlc-leak, the consequences would be really drastic. For LM 13 nobody cares since 1 year about this, for LM 17.x the same will be true in 1 year from now on. BTW, this risk is even greater for Gdebi (also in universe), as it is designed to execute arbitrary DEB-files.