Remix.run Logo
Remix clone Hacker News
new | show | ask | jobsGithub
happyopossum 3 hours ago

Given the recent dramatic uptick in vulnerability discoveries, it's also prone to being quite insecure...

xmprt 3 hours ago | parent [-]

LTS still typically get security updates. That's what the support in long term support means.

moskimus 2 hours ago | parent [-]

This gets thrown around a lot, but it's not entirely true. Depending on the particular distro, only certain core packages are likely to get updates on LTS releases. Non-core packages may just get left to rot until the next LTS release. Specifically Ubuntu follows this. A lot of their non-core packages just get imported from Debian and then just sit unmaintained until next release (this goes doubly if not using Ubuntu Pro).

thewebguyd an hour ago | parent [-]

Especially frightening when you look at how much everyday stuff is actually in the Universe repo in Ubuntu. Without Ubuntu Pro, your LTS system can sit in a very insecure state for a long time as patching Universe is "best effort" from the community.

Most popular GUI stuff is from universe, as are quite a few dev tools. Some examples: Gimp, Inkscape, pip (and a ton of python packages), most of gnome, a big chunk of KDE, htop, mariadb, etc.

See for yourself grep -h "^Package:" /var/lib/apt/lists/_universe__Packages | awk '{print $2}' | sort -u

Or to see only what you have installed from Universe: comm -12 <(dpkg-query -f '${Package}\n' -W | sort) <(grep -h "^Package:" /var/lib/apt/lists/_universe__Packages | awk '{print $2}' | sort -u)

A big repo isn't always better.