Question regarding free ubuntu pro plan

Hi all, :wave:

I stumbled over some exciting news lately:

“Ubuntu Pro is now free for individuals” (Ubuntu Pro Now Gives You 10 Years of Security Updates for Free).

Further information on that topic can be found here: Ubuntu Pro beta tutorial - Ubuntu Pro - Ubuntu Community Hub.

What seems particularly interesting to me is:

A free Ubuntu Pro plan for everyone to get 10 years of security updates […]
The main advantage of Ubuntu Pro over the standard distribution, are the constant security patches.
[…]
security patching (coverage for both critical, high and selected medium CVEs)
Over 2,300 packages in Ubuntu Main repository: 10 years updates
Over 23,000 packages in Ubuntu Universe repository: 10 years updates

In the meantime I got hold of ubuntu pro and now my status is:

sudo ua status
SERVICE          ENTITLED  STATUS    DESCRIPTION
esm-infra        yes       enabled   Expanded Security Maintenance for Infrastructure
fips             yes       disabled  NIST-certified core packages
fips-updates     yes       disabled  NIST-certified core packages with priority security updates
livepatch        yes       disabled  Canonical Livepatch service
usg              yes       disabled  Security compliance and audit tools

Enable services with: pro enable <service>

     Account: [my account]
Subscription: Ubuntu Pro - free personal subscription

Note: I disabled livepatch.

That looks good so far. :wink:
My question now is:

As esm-infra is active, do I get 10 years of updates now for Ubuntu Main repository and Ubuntu Universe repository on my system :question:

I would have to do a fresh install next April as my current system is Lubuntu 20.04.5 LTS.
But if I get the extended updates, could I safely run my system even longer :question:

Many thanks in advance and many greetings.

Rosika :slightly_smiling_face:

3 Likes

Yes you’ll get 10 years of support for the packages from ‘main’ though I’ll suggest you need to check which packages are included when the five years is up.

E.g. with 16.04 ESM, not all packages were supported via the initial deb packages, some received support when converted to snap format. Whether or not this applies with 20.04, we’ll have to wait and see.

‘universe’ or community supported packages are not all included; haven’t been in the past, and I’ve seen no indication in any press of what they are. Whilst your 23,000 from universe sounds impressive, that’s still only a portion of what’s found in ‘universe’. I have seen mention of selected, but not what packages are included in this covered selected list; I’ve assumed like it was with 12.04, 14.04, 16.04; that we’ll see this once the release approaches EOSS (end of standard support) where 18.04 is approaching.

Lubuntu 20.04 LTS has three years of support; as the LXQt packages come from ‘universe’ and five years applies to ‘main’ packages (though it’s still possible for any MOTU to apply fixes during the five years for packages found in ‘universe’).

5 Likes

@guiverc:

Hi Chris, :wave:

thanks a lot for your reply.

Yes, indeed ubuntu-security-status still tells me support is available until 4/2025.
That’s for “main” I guess.

ubuntu-security-status
2794 packages installed, of which:
1797 receive package updates with LTS until 4/2025
   2 packages are from third parties
   2 packages are no longer available for download
[...]

I see. Thanks.

O.K. I think I get it. Surely I was getting carried away by the impressive number of packages supported. :blush:

I see. And all of the LXQt packages are not - or at least not necessarily - covered by the extended ubuntu pro plan… if I understand correctly.

Well, seems I have to do a fresh install next April after all.
But good to know how things work in the background.

Thanks a lot, Chris, for your help.

Many greetings from Rosika :slightly_smiling_face:

1 Like

The Ubuntu Pro plan covers only security patches. Whether a fix is related to security is not always clear.

That Canonical is delivering security patches for LTS releases for 10 years is

  1. surprising
  2. unclear which packages of “universe” are part of this initiative?

What does it mean to deliver security patches for several LTS versions for 10 years?
It means Canonical has a lot of (paid and unpaid) packagers, which are able to create patches, that only contain the security fix. Then there are a lot of testers, which are testing and reviewing the patches. And Canonical must also have a lot of security experts (they cost a lot and they are hard to find on the market [but if Canonical has a lot of them, then it is clear, why all the other companies have problems to find security experts]).

For Canonical as a company it makes sense to deliver 10 years of security patches to paying customers. But only for enterprise customers that are using wide-spread server applications (e.g. mariadb). It does not make sense for “private users” which are using the desktop version at home.

What does it mean for Lubuntu?
Lubuntu is a small project who is delivering the LXQt packages to the Ubuntu world. Because it is a small team, Lubuntu supports the delivered packages for 3 years for LTS versions.

The upstream LXQt project is unfortunately not a good upstream for stable releases (some of the LXQt project members do not seem to know what “stable release” means). They are sporadically releasing a new release. And when a new LXQt upstream release is there, the previous release is now “old” and unmaintained. If you have a problem in your “old” release, they sometimes help you to find the problem, sometimes they don’t. But they never release a fixed “old” release. That makes the life of Lubuntu a lot harder.

Let’s assume LXQt is releasing (fictive) version 3.5.6.1 with “a critical security fix in libfm-qt” in the year 2026, written for (let’s say) Qt7. Let’s further assume one of the Canonical “Ubuntu Pro” employees hears about that. It would then require, that one or more employees of Canonical are reviewing the fixed version to understand the security problem and how it is fixed (and in reality security experts would further inspect the code to better understand, whether the error was really fixed or more “workarounded”).
If everything looks correct and worth to deliver a security patch for libfm-qt, the real fun starts:
Canonical has to extract the security fix. Then Canonical has to check the code of libfm-qt in version 0.14.1 with the used Qt5 version. And the patches need to be tested…

I have some doubts, that LXQt patches are part of the “Ubuntu Pro” plan.

4 Likes

Not sure if someone already pointed this out or not, but esm-infra is only the Main packages. You have to enable esm-apps as well if you want updates in Universe packages. You enable those by running sudo pro enable esm-apps --beta.

4 Likes
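An added example, not part of any post in this thread: a shell check that reads the `pro status` table format shown in the first post and reports whether ‘main’ (esm-infra) and ‘universe’ (esm-apps) are covered, using the mapping given in the reply above. The function names `esm_coverage` and `esm_gaps` are hypothetical, and the sample input is the status table as posted.

```shell
#!/bin/sh
# Added example: map the ESM services in a `pro status` table to the
# archive components they cover, per the replies in this thread:
#   esm-infra -> main, esm-apps -> universe.

# Status table as posted earlier in the thread (esm-apps is not listed).
SAMPLE_STATUS='SERVICE          ENTITLED  STATUS    DESCRIPTION
esm-infra        yes       enabled   Expanded Security Maintenance for Infrastructure
fips             yes       disabled  NIST-certified core packages
fips-updates     yes       disabled  NIST-certified core packages with priority security updates
livepatch        yes       disabled  Canonical Livepatch service
usg              yes       disabled  Security compliance and audit tools'

# esm_coverage: read a status table on stdin and print
#   main=<state> universe=<state>
# where <state> is the STATUS column, or "absent" if the row is missing.
esm_coverage() {
    awk '
        BEGIN { state["esm-infra"] = "absent"; state["esm-apps"] = "absent" }
        # Column 1 is the service name, column 3 its STATUS.
        $1 == "esm-infra" || $1 == "esm-apps" { state[$1] = $3 }
        END {
            printf "main=%s universe=%s\n", state["esm-infra"], state["esm-apps"]
        }
    '
}

# esm_gaps: return 0 when both components are covered, 1 otherwise,
# naming the service that still has to be enabled.
esm_gaps() {
    cov=$(esm_coverage)
    rc=0
    case $cov in *main=enabled*) ;; *) echo "main not covered: esm-infra is not enabled"; rc=1 ;; esac
    case $cov in *universe=enabled*) ;; *) echo "universe not covered: esm-apps is not enabled"; rc=1 ;; esac
    return $rc
}

# On a live system: pro status | esm_gaps
printf '%s\n' "$SAMPLE_STATUS" | esm_coverage
printf '%s\n' "$SAMPLE_STATUS" | esm_gaps || true
```

Run against the posted table, this reports ‘universe’ as not covered because the esm-apps row is missing entirely, which is the gap the reply above points out.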

Hi all, :wave:

thanks so much for your latest comments. :heart:

@apt-ghetto:

Wow, that really is some good explanation of how things work. Thanks so much.
Indeed, you provided the very info I was looking for. :+1:

Quite. It was a surprise to me as well. Therefore I wanted to learn more.

It was particularly helpful to put the findings into context in your “What does it mean for Lubuntu?” paragraph.

What a lot of work there’s to be done to eventually apply fixes. :neutral_face:

Right. That’s certainly the logical deduction.
Thanks again for putting so much time and effort into your explanation. It’s highly appreciated.

Well, as I said in my post #3, as a consequence I’ll do a fresh install next April then.

Thanks a lot and many greetings.
Rosika :slightly_smiling_face:

@ArrayBolt3:

Thanks, Aaron, for bringing that to my attention. This point actually escaped my attention. :blush:

Anyway, it’s good to know how to enable updates for Universal packages.

Many greetings from Rosika :slightly_smiling_face:

2 Likes
