Why is Extended Security Maintenance needed for apps in Ubuntu 20.04.x LTS in 2021?

Desktop
#1

After reading this link (and the following posts) I checked in my computer.

tester@lenovo-v130:~$ ubuntu-security-status 
1832 packages installed, of which:
1673 receive package updates with LTS until 4/2025
 152 could receive security updates with ESM Apps until 4/2030
   7 packages are from third parties

Packages from third parties are not provided by the official Ubuntu
archive, for example packages from Personal Package Archives in
Launchpad.
For more information on the packages, run 'ubuntu-security-status
--thirdparty'.

Enable Extended Security Maintenance (ESM Apps) to get 10 security
updates (so far) and enable coverage of 152 packages.

This machine is not attached to an Ubuntu Advantage subscription.
See https://ubuntu.com/advantage
tester@lenovo-v130:~$

Questions

  1. Why is Extended Maintenance needed for apps in Ubuntu 20.04.x LTS in 2021?

  2. Which are those 10 security updates that need ESM? Is there a link where they are listed?

  3. Where are the 152 packages (that need ESM) listed?

2 Likes
#2

This sounds like a misleading, incorrect message. ESM wouldn’t be needed (or even enabled) until 20.04 is EOL, in 2025. Can you file a bug issuing the following command: ubuntu-bug update-manager-core ?

More info on the packages covered by ESM is available on the following wiki page: https://wiki.ubuntu.com/SecurityTeam/ESM.

2 Likes
#3

Here is the bug report:

Please add heat by clicking on the bug report’s ‘Affects me too’ button (if it affects you).

2 Likes
#4

The bug report was declared invalid, so we are back to where we started :frowning:

So again, which packages in Ubuntu 2021 need ESM to be upgraded during 2021? Until [re]solved, several people are suspecting that there is a security hole here.

2 Likes
#5

The bug report was refused. What to do next?

1 Like
#6

See my last comment on the bug. Julian suggested to continue the conversation here, which sounds reasonable. Note that a lot of people are on holidays now, so don’t expect an answer until the new year.

3 Likes
#7

@oSoMoN, I’m looking forward to cooperating with you after the holiday season …

2 Likes
#8

Just saw this and ran “ubuntu-security-status” on my 20.04.3 system. Seeing the same result so I’m going to follow this thread to see what’s going on.

1 Like
#9

Ubuntu 20.04.3 LTS Focal Fossa Changes August 26, 2021 April 2025 April 2030
ESM will start after April 2025.
All security Updates will be through your regular updates prior to 2025.
The 10 security updates are through your regular updates.
The 152 packages that will need ESM in 2025 is True. For now is covered through your regular updates until then in 2025.

1 Like
#10
  • I wish, hope and think that you are right - but want it confirmed by an Ubuntu ‘insider’.
  • The text printed by ubuntu-security-status should describe the real situation and be understood by normal end users (many of us are not very good at English, so we need straightforward expressions).
4 Likes
#11

The message is correct insofar as several updates are available in the ESM Apps repository (as you can see yourself by looking at the Packages file). It will start making sense once ESM Apps has been launched. We are investigating some improvements to the messaging.

In the meantime, I hope it suffices to say that there is no accident where regular security updates were pushed in the wrong repository or a reduction in security support for packages: Packages in main get security support, packages in universe and multiverse still do not have support, but may get community contributed security updates.

4 Likes
#12

Hello all,
I sent a patch to the bug that hides the information about ESM-Apps while it is in beta state unless the user has explicitly enabled it.
This matches the behavior that UA Client has about the updates.

Please let me know if it is acceptable, or if there is anything else we can do to help.

3 Likes