I found this on Reddit:
https://www.wilderssecurity.com/threads/ubuntu-lts-many-vulnerabilities-despite-long-term-support.385386/
The article that the forum references is on Heise.de, and is in German (I
should emphasise that I cannot read German, sorry):
http://m.heise.de/ct/artikel/Ubuntu-LTS-Langzeitpflege-gibt-es-nur-fuer-das-Wichtigste-3179960.html
The forum claims that only the 'main' repository gets long-term support.
Apparently the rest of the packages, in 'universe', are imported from Debian
Unstable and then basically left to rot. They are only refreshed on the next
Ubuntu release.
I am not sure how much I should be concerned about this. I understand that
'main' includes essential things like GnuPG, the GNU C library and X.org, but
considering 'main' is a mere 7000 or so packages, as opposed to the some
40000 packages in Debian, this seems like it could be a severe oversight on
the part of Canonical. They give an example of VLC media player: if an
exploit was found in this widely-used piece of software, that could be bad
for the LTS users.
Thoughts? Personally, I have advocated for some time switching to Debian, so
naturally would suggest Trisquel does that, especially since gNewSense is
rather dormant, shall we say.