[kwlug-disc] Salt master. Was it updated after this spring fallout?
Chris Frey
cdfrey at foursquare.net
Fri Jun 26 18:56:04 EDT 2020
On Thu, Jun 25, 2020 at 08:50:54PM -0400, Paul Nijjar via kwlug-disc wrote:
> Clearly LTS is losing, which means a lot more cognitive burdens for
> sysadmins -- but at the same time Salt (and many other projects) that
> use the rolling release "move fast and break things" approach depend
> upon a stable Ubuntu onto which they can build THEIR software. They
> just don't want the people USING Salt to have the same experience.
> There is some kind of disconnect here.
There is a difference in the level of support between the Ubuntu main
repositories and the universe / multiverse repos, and it looks to me
that Ubuntu draws the lines based on cost.
https://wiki.ubuntu.com/SecurityTeam/FAQ
"Ubuntu is currently divided into four components: main,
restricted, universe and multiverse. All binary packages in
main and restricted are supported by the Ubuntu Security team
for the life of an Ubuntu release, while binary packages in
universe and multiverse are supported by the Ubuntu community."
For Debian, the lines are drawn based on Free Software licenses:
https://www.debian.org/security/faq#contrib
Q: How is security handled for contrib and non-free?
A: The short answer is: it's not. Contrib and non-free aren't
official parts of the Debian Distribution and are not released,
and thus not supported by the security team. Some non-free
packages are distributed without source or without a license
allowing the distribution of modified versions. In those cases
no security fixes can be made at all. If it is possible to fix
the problem, and the package maintainer or someone else provides
correct updated packages, then the security team will generally
process them and release an advisory.
Fortunately for Debian, salt is in main. Unfortunately for Ubuntu,
salt is in universe.
- Chris
More information about the kwlug-disc
mailing list