this post was submitted on 18 Jan 2024

88 points (95.8% liked)

Linux

45574 readers

1789 users here now

From Wikipedia, the free encyclopedia

Linux is a family of open source Unix-like operating systems based on the Linux kernel, an operating system kernel first released on September 17, 1991 by Linus Torvalds. Linux is typically packaged in a Linux distribution (or distro for short).

Distributions include the Linux kernel and supporting system software and libraries, many of which are provided by the GNU Project. Many Linux distributions use the word "Linux" in their name, but the Free Software Foundation uses the name GNU/Linux to emphasize the importance of GNU software, causing some controversy.

Rules

Posts must be relevant to operating systems running the Linux kernel. GNU/Linux or otherwise.
No misinformation
No NSFW content
No hate speech, bigotry, etc

Related Communities

Community icon by Alpár-Etele Méder, licensed under CC BY 3.0

founded 5 years ago

MODERATORS

AgreeableLandscape@lemmy.ml

nooter692@lemmy.ml

MarcellusDrum@lemmy.ml

cypherpunks@lemmy.ml

cyclohexane@lemmy.ml

d3Xt3r@lemmy.nz

What does Ubuntu do when LTS is supported for 12 years, but PHP is not? (lemmy.one)

submitted 5 months ago by veer66@lemmy.one to c/linux@lemmy.ml

27 comments fedilink hide all child comments

Will they keep patching old version of PHP?

all 29 comments

sorted by: hot top controversial new old

[–] ipsirc@lemmy.ml 43 points 5 months ago

They're waiting for Debian developers backporting the patches.

[–] Limonene@lemmy.world 35 points 5 months ago

In many cases, they will cherrypick security fixes and other major bugfixes from the bleeding edge version, and put those fixes in the old versions of the software.

This is the same thing the PHP folks would do while the old PHP is supported. Once the old PHP is out of support but Ubuntu LTS is still in support, then the Ubuntu folks have to put in the extra work to do the cherrypicking.

[–] Kualk@lemm.ee 27 points 5 months ago* (last edited 5 months ago) (1 children)

Only if there is such a huge vulnerability that they will have no choice.

That’s just my guess.

Promise of support is a tricky one.

[–] atzanteol@sh.itjust.works 12 points 5 months ago

I love how people are up-voting your completely wrong "just a guess".

[–] corsicanguppy@lemmy.ca 20 points 5 months ago

Take up non-feature security-only maintenance.

This isn't hard. SCO and Sun did exactly this.

[–] 0xtero@beehaw.org 12 points 5 months ago

I'd guess they'll do what Debian does with backports.
https://backports.debian.org/

[–] chameleon@kbin.social 10 points 5 months ago

There are community backports (like Sury's Debian builds) for PHP, including a branch of PHP 5.6 originally released in 2014. Most other notable languages and major packages have something likewise as well, right down to major packages like Drupal 6. It's not always easy, but it's doable and the work is usually either already done or can be paid for.

Weird things that are truly too difficult to support are also often excluded. Eg Spectre/Meltdown fixes were non-trivial and had to be backported to a fairly wide range of things but that only went so far back. Some old systems just never got those fixes and instead have to be ran with a workaround ("don't run untrusted code"). I don't know how things are with the new offering but large complicated packages with lots of moving parts like OpenStack used to be excluded from the full extended support cycle before as well.

[–] db2@lemmy.world 7 points 5 months ago (2 children)

I would think "long term support" can also sometimes mean moving that support to a newer version, especially where it doesn't break compatibility.

[–] atzanteol@sh.itjust.works 3 points 5 months ago

It usually involves "backporting" new fixes into old code.

[–] Spectacle8011@lemmy.comfysnug.space 1 points 5 months ago

That would be the logical conclusion, but I believe Debian uses the old version for years after it's unsupported and might backport security fixes depending on how severe they are. Either way, I personally wouldn't trust Debian or Ubuntu to properly fix security issues with a program (or in this case, programming language) that they do not actively develop or maintain themselves.

[–] SheeEttin@programming.dev 3 points 5 months ago

Either they add a new version of PHP or they backport the fixes.

[–] mvirts@lemmy.world 2 points 5 months ago (1 children)

I'm sure it'll be fine, just keep running the old version 🙃

[–] atzanteol@sh.itjust.works 4 points 5 months ago

It will be fine. That's the entire point of an lts version. Ubuntu back ports security fixes to the old versions.

[+] bizdelnick@lemmy.ml -7 points 5 months ago (1 children)

LOL they'll do nothing as usual. Probably they will apply security patches if someone submit them, but I'm unsure.

[–] atzanteol@sh.itjust.works 4 points 5 months ago* (last edited 5 months ago) (1 children)

Uh, no.

https://ubuntu.com/about/release-cycle

For each Ubuntu LTS release, Canonical maintains the Base Packages and provides security updates, including kernel livepatching, for a period of ten years.

All the blind Ubuntu hate in here...

[–] bizdelnick@lemmy.ml -2 points 5 months ago (3 children)

It does not even provide security fixes to unpayed users for two years. Except for few "base" packages. BTW is php a "base" package in ubuntu?

[–] atzanteol@sh.itjust.works 2 points 5 months ago

Yes.

$ apt policy php
php:
  Installed: (none)
  Candidate: 2:8.1+92ubuntu1
  Version table:
     2:8.1+92ubuntu1 500
        500 http://mirrors.us.kernel.org/ubuntu jammy/main amd64 Packages
        500 http://mirrors.us.kernel.org/ubuntu jammy/main i386 Packages
        500 https://mirrors.mit.edu/ubuntu jammy/main amd64 Packages
        500 https://mirrors.mit.edu/ubuntu jammy/main i386 Packages
        500 http://apt.pop-os.org/ubuntu jammy/main amd64 Packages
        500 http://apt.pop-os.org/ubuntu jammy/main i386 Packages

[–] avidamoeba@lemmy.ca 1 points 5 months ago (1 children)

Ubuntu Pro is free for up to 5 machines per account.

[–] bizdelnick@lemmy.ml 0 points 5 months ago (2 children)

Any reason to register an account instead of installing Debian?

[–] avidamoeba@lemmy.ca 2 points 5 months ago* (last edited 5 months ago) (1 children)

Installing Debian is not an alternative to the 10-12 year Ubuntu LTS support because Debian doesn't offer that kind of support. Also as the sibling noted, Ubuntu Pro isn't needed to get the same support you're getting from Debian. Ubuntu Pro provides additional support that you don't get from Debian throughout the support lifespan.

BTW, not offering 10-12 years of support is totally reasonable for a community distribution. I don't expect volunteers to be backporting fixes for packages built 12 years ago.

[–] bizdelnick@lemmy.ml -1 points 5 months ago

10-12 years of support attract only those who think they will never need to update. I don't think so and I update to each released version, each ~2 years. I know that skipping a release is not supported in any distribution. And update cost grows exponentially over time. So thank you, but I don't need a support for longer than 3 or 4 years. But for that period I want to have security updates for all software I installed, not only "base". And I want to get them from public repositories hosted on independent mirrors to be sure that I wont be banned by vendor for some reason.

As for additional support, I don't need it. I can solve my problems myself and do if faster than Canonical would do. And not only my problems. I also contribute to open source software and I want my contributions to be available to anyone, not only those who pay for support to some company that I have no relationship with.

[–] atzanteol@sh.itjust.works 1 points 5 months ago* (last edited 5 months ago) (3 children)

There's no need to register an account with Ubuntu at all. You have no idea what you're talking about. You don't need a pro license to get updates for an LTS for 5 years of support. The "base packages" are both the "main" and "restricted" repositories - it isn't just a few "core libraries" as you seem to think.

Debian is an excellent distro but I can't even find out what Debian considers to be covered by their LTS. Their page about it is very vague. I would guess that it's the same though - "main" repository is what they cover. Similar to Ubuntu.

[–] avidamoeba@lemmy.ca 1 points 5 months ago* (last edited 5 months ago)

I thought they mean support beyond 5 years. You're right of course.

[–] bizdelnick@lemmy.ml 1 points 5 months ago* (last edited 5 months ago) (1 children)

There’s no need to register an account with Ubuntu at all. You have no idea what you’re talking about. You don’t need a pro license to get updates for an LTS for 5 years of support. The “base packages” are both the “main” and “restricted” repositories - it isn’t just a few “core libraries” as you seem to think.

Really? So why does apt tell me that I need <some blabla that usually means "give us your money", don't remember exact wording> to get updates for more packages than it has downloaded each time I run apt update? I have latest LTS (22.04) on my laptop. Maybe you have no idea what you are talking about? I could get any updates until recent (year or two? I use that laptop only occasionally, so I don't remember the exact time), but now it is clear that Canonical goes the same way as RedHat/IBM.

I would guess that it’s the same though - “main” repository is what they cover. Similar to Ubuntu.

You are wrong because Debian's main is not similar to Ubuntu. Debian has no universe repo, all FOSS packages go to main.

[–] atzanteol@sh.itjust.works 0 points 5 months ago (1 children)

So why does apt tell me that I need to get updates for more packages than it has downloaded each time I run apt update? I have latest LTS (22.04) on my laptop.

"I'm going to provide zero information about a problem I'm having, say that I have no idea why it's happening, and then claim it supports my conclusion - check mate!"

[–] bizdelnick@lemmy.ml 0 points 5 months ago* (last edited 5 months ago)

I would provide an info about a problem if I asked for help. But I don't need any help, I know the solution.

[–] joeyjr@mastodon.online 1 points 5 months ago

@atzanteol @bizdelnick
From what I read, the +5 yrs with a Pro account is on top of the LTS 5 yrs support.

Say Xenial ended last April 2021. With Pro that extends it another 5yrs. With it support ends some time in 2026?

But that is not +5 from when you got the Pro account. It started ticking the moment Xenial EOL'd. So if I signed up Pro now, my Xenial updates will still end on 2026. Should work for later LTS versions, +5 after base 5 on the same Pro account free up to 5 machines.