On Sun, 10 Dec 2017 12:05:14 -0500, jonetsu wrote: >I choose a long term release so it can stay the same for years, eg. >getting security updates for maybe 4 years or more so no need to fully >update. This is not correct, security upgrades are not supported for every repository [1], let alone that there could be regressions for security reasons. For example claws-mail-fancy-plugin is from universe [2] as well as it's hard dependency libwebkitgtk [3]. If it would be granted that universe would receive security upgrades, than libwebkitgtk would get dropped and anything depending on it, as e.g. claws-mail-fancy-plugin, too. If you need security you better go with a real rolling release (Debian sid isn't a real rolling release, since it does freeze from time to time) or you only install packages from an Ubuntu repository that is maintained by the Ubuntu security team. Arch Linux is a real rolling release and provides tools, such as e.g. arch-audit [4], while Ubuntu seems not to provide such tools, it at least provides a website [5], but than again, keep in mind that by the Ubuntu policy not all repositories are maintained by the Ubuntu security team. [1] https://help.ubuntu.com/community/Repositories [2] https://packages.ubuntu.com/xenial/claws-mail-fancy-plugin [3] https://packages.ubuntu.com/xenial/libwebkitgtk-1.0-0 [4] [rocketmouse@archlinux ~]$ arch-audit --upgradable Package openssl-1.0 is affected by CVE-2017-3736, CVE-2017-3735. Medium risk!. Update to 1.0.2.m-1 from testing repos! Package perl-xml-libxml is affected by CVE-2017-10672. High risk! [5] https://usn.ubuntu.com/usn/ _______________________________________________ Linux-audio-user mailing list Linux-audio-user@xxxxxxxxxxxxxxxxxxxx https://lists.linuxaudio.org/listinfo/linux-audio-user
