Slashdot is powered by your submissions, so send in your scoop

 



Forgot your password?
typodupeerror
×
Ubuntu Linux

Ubuntu Linux LTS Releases Get Up To 12 Years of Support (betanews.com) 60

BrianFagioli shares a report from BetaNews: Canonical, the company behind the popular Ubuntu operating system, has announced a significant extension to the support lifecycle of its long-term support (LTS) releases. The new paid Legacy Support add-on for Ubuntu Pro subscribers will now provide security maintenance and support for an impressive 12 years, extending the previous 10-year commitment. This enhancement is available starting with Ubuntu 14.04 LTS and will benefit both enterprises and individual users who rely on the stability and security of Ubuntu for their critical systems. By default, Ubuntu LTS releases receive five years of standard security maintenance. However, with Ubuntu Pro, this is expanded to 10 years for both the main and universe repositories, offering access to a broader range of secure open-source software.

The Legacy Support add-on further extends this period by an additional two years, ensuring that organizations can maintain their systems with the latest security patches and support services without the immediate need to upgrade to a newer OS version. This is particularly beneficial for large, established production systems where transitioning to a new OS can be a complex and risky endeavor due to the potential need to update the entire software stack. The extended support includes continuous vulnerability management for critical, high, and medium Common Vulnerabilities and Exposures (CVEs) across all software packages shipped with Ubuntu. Canonical's security team actively backports crucial fixes to all supported Ubuntu LTS releases, providing peace of mind to users and enterprises. In addition to security maintenance, the Legacy Support add-on also offers phone and ticket support, enhancing Canonical's commitment to assisting customers with troubleshooting, break fixes, bug fixes, and guidance.

This discussion has been archived. No new comments can be posted.

Ubuntu Linux LTS Releases Get Up To 12 Years of Support

Comments Filter:
  • by OrangeTide ( 124937 ) on Monday March 25, 2024 @10:35PM (#64344999) Homepage Journal

    Oh it's free for personal use. And $25/year/machine for a business, with some breaks if you go with unlimited/VM subscription.

    So far it's less tedious than Red Hat and SuSE's subscription process. A useful free tier (registration required) on top of the already free zero support tier, that doesn't require anything special out of cheapskates like me is especially appreciated.

    • by thegarbz ( 1787294 ) on Tuesday March 26, 2024 @05:39AM (#64345393)

      I actually wonder what the point is of "free for personal use". Support means keeping a running system running. In 2024 a lot of users these days even of LTS releases will be chasing some software updates at some point which are not part of the standard supported PPAs. Once you start adding external package managers to the OS you defeat the purpose of the LTS release and invite package incompatibilities.

      Even if you are of the opinion that every app should be a Docker container in only a few short years you'll rapidly find that Docker itself has changed. E.g. try and follow any current installation guide for a Docker container and apply it to a Ubuntu 20.04 LTS release and you'll run into problems since Docker changed the way containers are started and stopped quite a few years ago.

      There's a cost to not upgrading, and personal users aren't the type to run mission critical systems supporting edge case hardware, nor tolerate out of date user facing applications. I think the target market for this may be limited.

      • by DarkOx ( 621550 )

        I was thinking the same thing. This is really only 'useful' for stuff like machine controls, test equipment, and maybe in some cases enterprise servers.

        For every other case you'll be left behind in terms of the platform requirements to run any contemporary package. Which in practical terms mean you won't be interacting with the rest of the world. Try browsing the web with a Chrome or Firefox more than couple years old for example... Ditto for any documents anyone sends you etc.

        Heck a lot of larger projec

      • by Junta ( 36770 )

        Back in mid 2018 we had a some people declaring they needed to run Ubuntu 18.04, and asking if the IT team would support them, because RHEL 7 was hopelessly out of date and they needed everything down to the kernel to keep up to date with the latest and greatest, and it was embarrassingly bad to be running distribution based on 4 year old cold. They were told sure, subject to self-administration with some auditing.

        Now in 2024, they have been out of compliance for a year because they don't have the budget fo

        • by tlhIngan ( 30335 )

          We needed to stay on various ancient LTS versions because they were required to build older projects. This was getting to be a problem - in 2018 it was hard enough to find hardware that would run vanilla 14.04 without issues. The hardware had simply moved on too much. Imagine having to buy a beefy laptop only to have to hook up external mice and Ethernet because there was no support for the built in touchpad, wifi and other devices.

          And yet, that was the reality - we needed 14.04 as that's what Android requi

        • That is what Docker is for. I can run Ubuntu 16 stuff in a container. On the other hand, the Linux ABI is relatively stable, I rarely had an issue running stuff on newer versions especially once vendor support has already gone out the window.

          • 80% of the time it works 100% of the time. But seriously, Docker, podman, K8s, etc are a great way to deal with running apps tied to a distro. You still have security concerns if you've fallen off the distro vendor's support schedule. While the security issues might only be isolated to that container, in practice a customer's useful information is exposed by your app running in an insecure environment. So hardly better than running an old unsupported distro on bare metal versus in a container.

          • by Junta ( 36770 )

            Double edged sword. A decent practice, but it also triggers even worse dependency refresh discipline because "whew, it's in a container now, we don't have to worry about security anymore", which is wrong, yet a prevailing sentiment.

            • by guruevi ( 827432 )

              You can build safeguards around it now, there is always nGINX and other app firewalls. The app inherently doesn't have to be insecure, it's just all its dependencies are but you can handle eg. TLS in ultra-modern containers.

              • by Junta ( 36770 )

                You can around *certain* things. Yes, you can force TLS termination to happen outside of the applications, mitigating the risk that OpenSSL vulnerabilities are your problem. However TLS vulnerabilities are not the only vulnerabities that may afflict a service. Also, depending on how things are, you might terminate TLS too early and open up gaps that a security person would frown upon where there's no protection. Don't know how actionable those gaps would actually be in typical scenarios, but it certainly r

                • by guruevi ( 827432 )

                  Hence why you build an app firewall, if things go outside the parameters (if you're only expecting POST/GET) you don't need to handle potential exploits. Most of the time the issues is in a library and in most cases you can catch these issues or isolate them.

        • ESM (expanded security maintenced) should take 18.04 users through 2027 [ubuntu.com]. I think if it is important to your business, then you should be paying your Linux vendor (Canonical in this case). Hardware Enablement (HWE) kernels also let you bring software stacks onto new hardware, and in some cases you pick up security fixes and performance improvements that are in newer kernels. But limited support for newer kernel features without a new glibc version (but that's OK if you're intentionally running on an old rele

          • by Junta ( 36770 )

            Even if they paid for the security updates, they are still fundamentally screwed because the third party applications they use no longer offer updates that support it either.

            They started at a place of looking down on "old software" and are now the worst offenders for demanding stale old software (even though 99.999% chance the upgrade would do them just fine, just blind fear and uncertainty around their "image".

        • I think you missed my point - that non-business consumers won't need this. It doesn't sound like your scenario would fall under "free for personal use" and would still be subject to the cost of LTS support agreements.

          • by Junta ( 36770 )

            I know, I was adding on that even the paying audience is ususally doing themselves a disservice by being too scared to update.

    • that doesn't require anything special out of cheapskates like me is especially appreciated.

      Fuck no, now I'm never going to upgrade. I am this guy:

      https://xkcd.com/1328/ [xkcd.com]

      At least I was forced to upgrade before :(

      • I'm still running Lubuntu on my EeePC 701. I can't be bothered to upgrade my toys, because more than likely they'd just break.

        If someone is paying me, then sure. I'll dive in and spend hours and hours with this Linux installation bullshit.

        • I'm still running Lubuntu on my EeePC 701.

          How is that? They keyboard in my 900 kinda conked out, so I've not used it recently. It was getting a bit long in the tooth a number of years ago.

          If someone is paying me, then sure.

          No one pays me to not get pwn3d on the internet but I do not wish to be.

          I'll dive in and spend hours and hours with this Linux installation bullshit.

          Hours?

          • Hours?

            My typical estimate is that one machine takes 0-5 hours. 0 if the machine has flawless support. More if I want something minor to work on it like audio playback.
            And if someone is paying me, it's not one machine, it's dozens to hundreds.

            • I've not had an audio problem in years. Come to think of it, I don't think I've had a machine without flawless support in years (I go with laptops officially supported by their manufacturer), and desktops just work.

              I always do a bit of research before dropping a bunch of cash on something.

              But like I said, I keep my own machines patched for free because no one pays me to not get pwn3d.

  • will they back port drivers / kernel drivers?

    • will they back port drivers / kernel drivers?

      For some degree. There is HWE stacks, which provide newer kernel/drivers for older LTS releases.

      https://wiki.ubuntu.com/Kernel... [ubuntu.com]

    • by Junta ( 36770 )

      Ubuntu does not do that, they instead release new kernels for old distributions, with the generally accurate assumption that the kernel is sufficiently good at backwards compatibility, even LTS sensitive folks can tolerate changes. Though at a glance it doesn't look like they promise HWE type updates into the "pro-only" phase, they switch to security updates only.

      For those that are too scared of even that, there is the default kernel, which will be old and not able to support newer hardware, but if the user

  • What? (Score:5, Interesting)

    by Anonymous Coward on Monday March 25, 2024 @10:48PM (#64345013)
    I'm still stunned that some businesses pay for Linux.

    I'm not large, but I run several thousand Linux and BSD machines in the healthcare world.
    We don't pay a cent for operating systems or the software we run with the exception of:
    * A few Windows licenses for VMs we can't avoid using
    * Two VMs in the cloud ($40/mo) where one is a bastion host and the other is accessible over a private network from the first one. Both boxes only have SSH open.

    It's pretty trivial to avoid using an ancient version of the OS too...every few years we test with new hardware and the latest version of the OS, then start rolling out upgrades.

    Seriously...who in the fuck pays to stay on seriously outdated operating systems? Pacemaker manufacturers?
    • Re:What? (Score:5, Insightful)

      by ctilsie242 ( 4841247 ) on Monday March 25, 2024 @10:54PM (#64345019)

      One of the biggest fights to have Linux in the enterprise is having 24/7/365 commercial support. This may not be used, but it makes the bean counters happy. This is also why Red Hat was a single player in a lot of enterprises, after 2001, when "consultants" would rip out all Linux stuff wholesale, screaming, "This isn't SOX compliant".

      Companies want support agreements. Mainly for a "throat to choke" if things are down, and they need a bug fixed ASAP, something that may not be possible otherwise.

      Of course, a lot of environments don't care for this, but many companies, and almost all the big guys, this is a major barrier. Having 24/7/365 support is why Proxmox and XCP-NG have not been widely adopted in the enterprise.

      • by Anonymous Coward

        Companies want support agreements. Mainly for a "throat to choke" if things are down, and they need a bug fixed ASAP, something that may not be possible otherwise.

        You'll probably find that's for cyberinsurance. Cyberinsurance companies are bigger scumbags than even regular run-of-the-mill insurance companies and will conduct a full audit every time you try to make a claim. If they find a single system that hasn't got all of the patches for known CVEs they'll torpedo your entire policy, even if that system

    • Re: (Score:3, Insightful)

      by bradley13 ( 1118935 )

      I'm still stunned that some businesses pay for Linux. I run several thousand Linux and BSD machines in the healthcare world. We don't pay a cent for operating systems

      You are a problem. You are a leech. A parasite.

      I understand individuals and small businesses not paying. You run "several thousand" machines? Linux brings an enormous value to your business. You should pay for it: buy, donate, whatever.

      • No. The license means what it says. The people who contribute that code have done so with no expectation of end users paying. There are no terms other than the explicit ones. They don't need you shaming people to do something they didn't request.

    • Is the healthcare world fine with running software with zero commercial support?

      I thought they were one of those which require everything to have support so that at worst they can pass the buck, even if the commercial support is useless?

  • I know that Ubuntu 23.10 has support for booting and unlocking the root filesystem via LUKS. I'm hoping this makes into the server and desktop versions of the next LTS release, and it offers the ability to choose one's root filesystem for this.

    Having autoboot FDE is something critical for a lot of server applications, especially servers where it isn't permitted to use a Tang/Clevis server to unlock drives on boot. Yes, it does have its weaknesses, like TPM sniffing, but those are mostly handled by modern

    • Itâ(TM)s been there since Ubuntu 18 at the very least with some minor modifications for FDE+TPM. 22 had systemd-cryptenroll which does TPM or Tang enrollment of your boot-time LUKS2 container and Secure Boot has been there as well.

      What has changed is that they now have the option as a checkbox during the installation.

      • That checkbox during installation is the big part. Just to make it easier to do at install time, rather than a lot of manual overhead.

  • Nooooo (Score:2, Funny)

    by backslashdot ( 95548 )

    This sucks for IT having to maintain a bunch of different OS versions. Used to be they could force people to upgrade. I'll bet some big corporate CIO who wanted to save pennies in the short term until his stocks vest or he's promoted to CEO is behind pressuring Ubuntu into this.

    • by Anonymous Coward
      I gather that is sarcasm lol. longer LTS is only a positive.
    • This sucks for IT having to maintain a bunch of different OS versions.

      Seriously?

      Look: I upgrade most of the stuff I manage to each new LTS release. But sometimes you have that famous situation: "Never touch a running system." I have one machine still running an older Ubuntu version. It has various services running, and getting those services running again after a major upgrade is...not easy. Why waste the time? They work, the old LTS version is still supported - It is far better to leave them untouched for as along as possible.

    • by Junta ( 36770 )

      IT doesn't have to hold to the same commitments that the vendor does, they can discontinue support if it doesn't fit their needs.

      In fact, there are likely things that make the platform unsupportable even if Ubuntu supports it. For example, recently I was able to concretely force a team to finally do a 'do-release-upgrade' because they run gitlab and gitlab stopped doing any updates for their chosen LTS version, and thus there was no proper way to apply updates for Gitlab's vulnerabilities of the week anymo

  • Does the OP mean Ubuntu 24.04 LTS?
    • by Anonymous Coward

      from TFA:

      For organizations running systems on Ubuntu 14.04 LTS Trusty Tahr, the availability of Legacy Support means they can now plan for an additional two years of security maintenance and support

  • by ledow ( 319597 ) on Tuesday March 26, 2024 @08:45AM (#64345717) Homepage

    I ain't paying for Linux.

    You can really, really, really stop trying.

    Especially when all I'm paying for is someone to recompile a new package on an old machine that was working absolutely fine before they decided to "cut off" package updates.

    This is one of the reasons why my preferred package manager is ".\configure; make; make install".

    I installed Ubuntu on three machines last week - and none of them are commercial machines, none of them need a subscription or account, and all of them had the packages, MOTD, etc. associated with these services ripped out.

    By all means offer a corporate support service. But if you want to do that, don't spam your free product with adverts for your paid-for product. RedHat/CentOS/Fedora all over again.

    I would literally rather roll-my-own if this is the way other distros go too... because then maybe I can turn off most of this systemd shite too. Spent 20 minutes the other day working out why I couldn't just kill GPSd and move it to another port after having changed the configuration - and it's because systemd ingratiates itself even into simple services like that to auto-start them as you touch the port you intend to use or insert a device, and that uses entirely different configuration files. Did we learn NOTHING from Autoplay?

    All Ubuntu pushing this stuff down my throat constantly does is put me off using Ubuntu entirely - including professionally.

    It is ironic that I started many years ago with Slackware as a desktop, then moved to Slackware for servers (predictability and control), then changed to Ubuntu for desktop (simplicity), then changed to Ubuntu for servers (simplicity and control), and now would really move back to Slackware for servers (predictability and control) and other things entirely for desktop.

    My entire reason for using Linux is thus:

    - I want things to just do what I say, and work when I do that.

    That's it. That's the one, sole reason for my preference in that regard. If I kill a process, I want it to die. If I change a config, I want it to take effect immediately without having to reboot. If I want to rename a device, I just want it to happen (I once spent a day trying to rename a joystick device to always present as the first js0 device under systemd, and at the time it simply wasn't possible, it always just did whatever it felt). If I want systemd or an alternative, I expect to just be able to choose. If I want to install my own local DNS server, that's what happens.

    Don't even get me started on those software that demand I install them via snap/docker/etc. as their only way of doing so.

    Play ball, Ubuntu, or lose your customer base. Not "signing up" to get an extra two years and spamming you incessantly if you don't.

  • by nickovs ( 115935 ) on Tuesday March 26, 2024 @10:12AM (#64345973)

    Now you can put off by another two years the need to take a backup, type sudo do-release-upgrade and then have cup of tea while you wait! Yay!

    OK, I can appreciate the "if it's not broken, don't fix it" sentiment, but updating to the latest OS release is like going to the doctor for that strangely painful lump; the longer you wait, the worse it's going to be when you finally have to see to it.

  • No thanks.

There is no opinion so absurd that some philosopher will not express it. -- Marcus Tullius Cicero, "Ad familiares"

Working...