Ubuntu has that dumb subscription to get security updates that pushed me away. Sure it was free for personal use, but I don’t want to have to give my personal information to get updates that are created primarily by volunteer open source developers anyway.
What do you think Canonical should charge for? They do put a ton of work into the Linux ecosystem.
Y’know…this. I might not like it, and many of their choices are… questionable…
…but I think it’s good we have some effort coming from full-time career paid Linux developers, rather than just sponsorship money from FOSS-leeches like “mEtA” and “aMaZoN.”
By simply not using Ubuntu, and ignoring the MOTD on my VM servers…I don’t really feel affected by their actions in any meaningful way. And that makes me happy.
As opposed to having to just accept whatever new footgun Microsoft wants to blast users with next.
If you don’t want Amazon in GNU/Linux, Ubuntu probably isn’t the best choice.
Same they did before or Red Hat does or every other corporation who has benefitted from the labor of open source developers. Services built on those things or built around them. Not the things themselves. Their corporate customers benefit from the stuff they produce, but they didn’t produce most of it, so either start from scratch with proprietary software, or they need to give the content to everyone at the same time, not hold onto it for some time. That’s against the whole idea of open source and probably technically violates some copyleft licenses, but definitely violates the spirit of them. Even if they fix some bugs or add some features, they didn’t come up with the ideas, build the thing while it wasn’t producing income, or build the communities that they collaborate with. They just add what benefits them to the existing content.
Red Hat charge for access to the RHEL binaries. That’s literally why CentOS came into existence.
I don’t understand what’s the bonus of subscribing for those updates. Are they better or come before everyone else gets them?
Extended support for otherwise unsupported release
As far as I understand it, they aren’t directly from upstream; Canonical makes or backports those patches.
That’s the whole point: subscribing gets you patches before the devs of the packages do for that version.
Exactly. But the corporations do it because it benefits them more than starting from scratch. They should release all changes to the central repository for all to consume as part of the agreement to get the benefit of the already created software. Not hold onto the patches to give them to their customers and people who pay them with their personal information.
Everything that’s in main gets released to everyone with the security fixes. Canonical’s security team works on those.
The stuff in the universe repo is owned by the Ubuntu community (not by Canonical), so anyone can submit those fixes, but it depends on the Masters of the Universe, who are all volunteers, to get it upstreamed.
The extra Ubuntu Pro updates for the universe repo come from when someone who’s paying for Ubuntu Pro asks Canonical to make a patch. The source is still available to anyone, so someone could take that patch and then submit it to the community who maintains the universe repo.
Once the 5 years of standard support ends, then the only way to get additional fixes is through Ubuntu Pro, but if Canonical writes those fixes they also submit them back upstream (as opposed to if they grab a specific patch from upstream — and even then it’s still available on Launchpad regardless).
The reason nobody’s made a CentOS but for Ubuntu Pro is that it’s way easier to submit the patches through the community (and become part of that community who approves packages) than it is to spin up all the infrastructure that would be needed.
But why are the patches kept separate at all? Especially if it’s copyleft-licensed code they’re patching. Many of those require release of the code. And the spirit of that was to make companies who profit off of the code release anything they add as they add it. Otherwise, they’re welcome to, instead of taking open source code and patching it, create closed source code from scratch without using any of the code from the open source version and sell that. It’s very simple. The license says, you want this code, you’re welcome to it, but release any fixes or improvements you make so we all benefit, not just developers, but users all benefit. If they keep it locked up, even if they release it as a patch that’s not accessible to the large majority of users, then it’s violating the spirit if in some cases not the letter of the license.
…that’s not what they’re doing though?
Those patches get either pulled from upstream or built in-house and shared to upstream. Just like in Debian, and just like in the regular Ubuntu releases, the package is based on some upstream version and then the deb packaging applies the patch sets as listed in the diff tarball.
Here’s what the latest kernel for Ubuntu 26.04 looks like: https://launchpad.net/ubuntu/+source/linux/6.17.0-6.6
Those same tarballs are available for any Ubuntu package by running apt source <pkg> as long as you’ve configured the matching deb-src repositories.
Why would anyone want this?
to close security vulnerabilities on their servers faster
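For anyone who wants to audit which fixes a package actually carries, as the comment about apt source and patch sets describes, here is an added example (not code from the thread or from Canonical). It checks that source repositories are enabled and lists the patches in an unpacked source tree. The function names, the sample files and the placeholder CVE id are constructed, and the tree is assumed to use the 3.0 (quilt) layout with a debian/patches/series file.

```shell
#!/bin/sh
# Added example: audit helpers for an "apt source <pkg>" workflow.

# Exit 0 if the APT sources file in $1 enables source packages.
# Handles one-line entries ("deb-src URI suite ...") and deb822 stanzas
# ("Types: deb deb-src"), honouring "Enabled: no".
has_deb_src() {
    awk '
        function end_stanza() { if (types && enabled) found = 1; types = 0; enabled = 1 }
        BEGIN { enabled = 1 }
        /^[ \t]*#/ { next }                    # comment line
        /^[ \t]*$/ { end_stanza(); next }      # blank line closes a stanza
        $1 == "deb-src" { found = 1; next }    # one-line format
        tolower($1) == "types:" { for (i = 2; i <= NF; i++) if ($i == "deb-src") types = 1 }
        tolower($1) == "enabled:" && tolower($2) == "no" { enabled = 0 }
        END { end_stanza(); exit !found }
    ' "$1"
}

# Print patch file names from debian/patches/series, in apply order.
list_patches() {
    series="$1/debian/patches/series"
    [ -f "$series" ] || return 1
    awk '/^[ \t]*#/ { next } /^[ \t]*$/ { next } { print $1 }' "$series"
}

# Subset of patches whose file name carries a CVE identifier.
cve_patches() {
    list_patches "$1" | grep -Ei 'CVE-[0-9]{4}-[0-9]+' || true
}

# Build a constructed sample (sources file + unpacked tree) and print its path.
make_sample() {
    d=$(mktemp -d) && mkdir -p "$d/pkg-1.0/debian/patches" || return 1
    printf 'Types: deb deb-src\nURIs: http://archive.ubuntu.com/ubuntu\nSuites: noble\nComponents: main universe\n' \
        > "$d/ubuntu.sources"
    # CVE-2099-0001 is a placeholder id, not a real advisory.
    printf '# constructed series file\nfix-build.patch\nCVE-2099-0001.patch -p1\n\nlp-placeholder.patch\n' \
        > "$d/pkg-1.0/debian/patches/series"
    echo "$d"
}

sample=$(make_sample)
has_deb_src "$sample/ubuntu.sources" && echo "deb-src enabled"
echo "patches carrying a CVE id:"; cve_patches "$sample/pkg-1.0"
rm -rf "$sample"
```

On a real system, point has_deb_src at the files under /etc/apt/sources.list.d/ and list_patches at the directory that apt source unpacked.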