Ubuntu, LTS, supported packages and security

Good morning,

I’m playing around Docker and ERPNext, based on existing work and projects. I had troubles with Ansible playbook on Debian Jessie and CentOS7, somewhere around bench init. I had been successful with Ubuntu.

Problem with Ubuntu is that, as you may know, Ubuntu LTS versions only support a subset of available packages during 5 years. Many others are supported 3 years or, worst, only 9 months after the release.

It seems that few dozens of bench required packages are only supported 9 months, opening them to security flaws and issues (even on Ubuntu 16.04). I’ve not found a list of supported packages from Ubuntu and methods to list unsupported ones are tricky.

What do you think about that ? Maybe betting on Debian may be a good alternative (as Debian now has 5 years serious support for the whole repository…) ?

Thanks for reading.

interesting, wasn’t aware ubn LTS was only partial. If what you say is as you say I guess debian was the way to go.

Yes, few people knows about that, as it is not advertised. There are some articles talking about it : only the main repository are long term supported (no packages from universe / multiverse).

I may try to get a list of bench / frappé installed packages that are not supported by LTS to see if they represent a potential security damage but yes, as Debian now supports their whole repository for 5 years on i386, amd64, armel and armhf, it can be a good thing to ensure Frappé working on this distribution.