-- Leo's gemini proxy

-- Connecting to michaelnordmeyer.com:1965...

-- Connected

-- Sending request

-- Meta line: 20 text/gemini;lang=en-US

The Fallacy of Linux LTS Distributions


Linux Long-Term Support (LTS) distributions are a fallacy. Because people assume that the whole distribution, that means all packages, are supported for the advertised time period.


This is not true. Only a small subset gets extended support.


Ubuntu makes this clear on its lifecycle page, but they weren’t always that clear:


Ubuntu Lifecycle


> Ubuntu LTS releases receive 5 years of standard security maintenance for all packages in the ‘Main’ repository.


The problem starts with the available packages. The “Main” repository is only a small subset of all available packages. Here’s an overview of how the repositories relate:


┌───────────────────────────────────┬───────────────┬───────────────────┐
│                                   │ Free software │ Non-free software │
╞═══════════════════════════════════╪═══════════════╪═══════════════════╡
│ Officially supported by Canonical │ Main          │ Restricted        │
│ Community supported/Third party   │ Universe      │ Multiverse        │
└───────────────────────────────────┴───────────────┴───────────────────┘

More Info on Wikipedia (scroll to “Package classification and support”)


Let’s find the number of available packages on Ubuntu 22.04 LTS:


apt-cache dumpavail | grep "Filename: pool/main" | wc -l
apt-cache dumpavail | grep "Filename: pool/restricted" | wc -l
apt-cache dumpavail | grep "Filename: pool/universe" | wc -l
apt-cache dumpavail | grep "Filename: pool/multiverse" | wc -l


┌────────────┬────────────┐
│ Repository │ # Packages │
╞════════════╪════════════╡
│ main       │       9835 │
│ restricted │       7255 │
│ universe   │      59216 │
│ multiverse │       1060 │
╞════════════╪════════════╡
│ Total      │      77366 │
└────────────┴────────────┘

That shows that only less than 13 % are supported for the whole Ubuntu 22.04 LTS period. Not so LTS, in my opinion.


Find Unsupported Software


To see how many packages are being supported, `pro security-status` will give some insights.


A standard Ubuntu server install with only one package from “universe” (httpie) and its dependencies added shows:


626 packages installed:
    619 packages from Ubuntu Main/Restricted repository
    7 packages from Ubuntu Universe/Multiverse repository

Because the default settings have all repositories enabled, it’s easy to install unsupported software.


Mitigation Through Upgrades?


Ubuntu’s non-LTS releases are supported for nine months. For half a year this release is the current one, and another three months grace period to update to the new non-LTS release.


Upgrading from a LTS release to a newer non-LTS release is possible.


Upgrading from a non-LTS release to a current LTS is only possible, if the LTS release is also the ordinary new non-LTS release. Otherwise it would be a downgrade to older packages, which is not supported.


IMHO it’s not so hard to upgrade a non-LTS install twice a year. A little downtime exists anyway, because kernels, glibc, and others want to be upgraded every once in a while. And people who cannot have any downtime have proper cloud architectures, where the instances can be replaced easily with no downtime.


A Worrying Discovery


Ubuntu:


> Interim releases receive full security maintenance for ‘main’ during their lifespan.


That means Ubuntu non-LTS releases only support “main” as well. I would have expected more.

-- Response ended

-- Page fetched on Tue May 21 14:35:01 2024