On Mon, 2011-12-12 at 17:15 +0000, Jonathan Riddell wrote: > Hi, I'd like to propose that Kubuntu 12.04 is LTS for 5 years. > > The details are at > > https://wiki.kubuntu.org/Kubuntu/12.04/LTS-Proposal
Hi, The Kubuntu proposal states the following: * KDE has active security updates from upstream. * Qt has active security updates from upstream. * Kubuntu security updates are handled by either Kubuntu or Ubuntu Security team as currently. While it is true that KDE and Qt do provide predisclosure and active security updates, they have already stopped providing this support for the versions of KDE in 10.04 LTS, and 10.04 is only 2.5 years into its LTS. Is there a firm commitment from upstream regarding their support for KDE4 (especially considering they will be busy with KDE/Qt 5) for 5 years? Also, KDE/Qt has not provided any assistance with qtwebkit and this is putting their users at risk. I strongly advise that Kubuntu move to Ubuntu's supported browser, Firefox so that users may continue to get timely security updates for their browser-- arguably one of the most important applications for any desktop user. Furthermore, while the Ubuntu Security team has been performing security updates for Kubuntu, the support from the Kubuntu community has waned in this regard. At this point, we still get patch URLs, but often debdiffs are only for the latest release (or maybe where the patch applies cleanly). It is unclear how much testing is performed on the supplied debdiffs and so full testing must be performed by the Ubuntu Security team. Backporting and testing puts a strain on our team. Perhaps the waning of contributions is due to temporary role rotations from within Canonical. Do we have a commitment from the Kubuntu community to provide support for Kubuntu like with other recognized flavors? I am strongly in favor of Kubuntu being treated like other recognized flavors-- ie where the Ubuntu Security team provides notification to the flavor's security contact and sponsors patches with testing falling on the community (ie, if the security contact for the recognized flavor tells us to publish, we do so). -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- technical-board mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/technical-board
