• Avid Amoeba
        link
        fedilink
        arrow-up
        5
        ·
        edit-2
        2 months ago

        10 years security updates, plus security patches for community packages (instead of waiting on community patches). It’s basically the corporate support plan provided for free for up to 5 machines per account.

        • Cyborganism
          link
          fedilink
          arrow-up
          4
          ·
          2 months ago

          security patches for community packages (instead of waiting on community patches)

          I’m not sure I understand that part. Is Canonical implementing the patches instead of the open source project/package developers? I’m confused.

          • Avid Amoeba
            link
            fedilink
            arrow-up
            3
            ·
            edit-2
            2 months ago

            Exactly. In Debian, the community implements security patches. In Ubuntu, Canonical implements security patches for a part of the repo (main), the community implements them for the remainder (universe). This has been the standard since Ubuntu’s inception. With Ubuntu Pro, Canonical implements security patches for the whole repo (main and universe).

            • Cyborganism
              link
              fedilink
              arrow-up
              2
              ·
              2 months ago

              So they’re actively involved in the development of open source projects then?

              • Avid Amoeba
                link
                fedilink
                arrow-up
                2
                ·
                edit-2
                2 months ago

                Not necessarily. For all of these cases, Debian, Ubuntu, Pro, the community and Canonical are package maintainers. Implementing patches means means one of: grabbing a patch from upstream and applying it to a package (least work, no upstream contribution); deriving a patch for the package from the latest upstream source (more work, no upstream contribution); creating a fix that doesn’t exist upstream and applying it to the package (most work, possible upstream contribution). I don’t know what their internal process is for this last case but I imagine they publish fixes. I’ve definitely seen Canonical upstreaming bug fixes in GNOME, because that’s where I have been paying attention to at some point in time. If you consider submitting such patches upstream as actively involved in project development, then they are actively involved. I probably wouldn’t consider that active involvement just like I don’t consider myself actively involved when I submit a bug fix to some project.