On Tue, Jun 13, 2017 at 12:36:40PM -0000, JK wrote: > So, my remaining questions are: > - how long will "php7.0-fpm" receive security updates and critical bug-fixes?
At least until 16.04 is EOL (April 2021), but see my answer to the next question. > - what does "community supported" actually mean? Is it officially defined somewhere? It means that Canonical make no firm commitment to provide updates, but all acceptable updates prepared by community members will be gratefully accepted. If you are a developer, see https://wiki.ubuntu.com/StableReleaseUpdates and https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation for instructions on how to prepare and submit these. > - how long are packages from universe actually supported and what kind of updates (security, critical bugs, etc.) do they receive? The same as for main, except that we rely on developers volunteering updates (both for security and critical bugs) rather than having someone at Canonical committed to providing them. I should add: * It would be quite unusual to move php7.0-fpm to main *in 16.04*. Usually the main/universe split and associated commitments are decided before release, and 16.04 has already been released. A change to move php7.0-fpm, if it were to happen, would affect future releases, not past ones. * In practice, most PHP vulnerabilities are likely to affect more than just php7.0-fpm. Since php7.0-fpm is built from the same src:php7.0, it is likely that you'll get updates from Canonical anyway, since an update to the source is likely to be necessary to update the binary packages built from the same source that _are_ in main. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1267255 Title: [MIR] php7.0 (php7.0-fpm binary) To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/php7.0/+bug/1267255/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs