>
> On Thu, Nov 25, 2021 at 12:56:18PM +0000, Robie Basak wrote:
> > On Mon, Nov 22, 2021 at 05:19:38PM -0300, Lucas Moura wrote:
> > > We want to ask for opinions of this change to other Ubuntu developers, to
> > > see if we are not missing any other aspect around the original decision to
> > > include the package into *Depends*.
> >
> > Thank you Lucas for raising this here!
> >
> > Unfortunately I think that unless someone advocate for the case for this
> > here, this discussion can't go anywhere, and the status quo will remain.
> >
> > I'm saying this for the record: if those who want the change don't
> > participate, then it's unlikely to happen.
>
> FWIW, I'd also like this to be changed.
>
> As a very practical example of why: I find very annoying that by default
> on 14.04 it keeps bothering me that ESM has however many other updates
> available that -oh how unfortunate- I can't install, and what should
> have been the trivial way to avoid that to creep into my systems (i.e.,
> removing ubuntu-advantage-tools well before that change came) couldn't
> be done.
>
This is intentional, to ensure that we make users aware that there are
vulnerabilities out there that may be affecting them. One can access
ESM for free under certain terms. Once ESM ends, like it did for
Precise, we have made all ESM updates for Precise available publically
and archived on old-releases.ubuntu.com. Thus eventually everyone does
have access to them.
It is our commitment to be transparent and not hide problems, and
fight for the users to ensure they have ways to remain secure (upgrade
to a supported release or enable ESM). Whilst some users may find this
information redundant, many others may find it eye opening.
It really is very important, especially since a lot of systems get
broken simply due to lack of installing updates or timely upgrades.
Recently newer laws are getting passed that require one to disclose if
updates are available, for how long, and notify when they cease to be
provided. Although Ubuntu is nominally so far excluded from these, it
is prudent to comply with the spirit of those laws protecting and
informing users.
I see this as no different to how we default to applying security
updates, and informing users about the number of non-security updates.
Regards,
Dimitri.
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
