On Sun, 10 Dec 2017 12:05:14 -0500, jonetsu wrote:
> I choose a long term release so it can stay the same for years, e.g.
> getting security updates for maybe 4 years or more so no need to fully
> update.

This is not correct, security upgrades are not supported for every
repository [1], let alone that there could be regressions for security
reasons. For example claws-mail-fancy-plugin is from universe [2] as
well as its hard dependency libwebkitgtk [3]. If it would be granted
that universe would receive security upgrades, then libwebkitgtk would
get dropped and anything depending on it, as e.g.
claws-mail-fancy-plugin, too.
If you need security you better go with a real rolling release
(Debian sid isn't a real rolling release, since it does freeze from time
to time) or you only install packages from an Ubuntu repository that is
maintained by the Ubuntu security team.
Arch Linux is a real rolling release and provides tools, such as e.g.
arch-audit [4], while Ubuntu seems not to provide such tools, it at
least provides a website [5], but then again, keep in mind that by the
Ubuntu policy not all repositories are maintained by the Ubuntu
security team.

[1] https://help.ubuntu.com/community/Repositories
[2] https://packages.ubuntu.com/xenial/claws-mail-fancy-plugin
[3] https://packages.ubuntu.com/xenial/libwebkitgtk-1.0-0
[4] [rocketmouse@archlinux ~]$ arch-audit --upgradable
Package openssl-1.0 is affected by CVE-2017-3736, CVE-2017-3735. Medium risk!. Update to 1.0.2.m-1 from testing repos!
Package perl-xml-libxml is affected by CVE-2017-10672. High risk!
[5] https://usn.ubuntu.com/usn/
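
Added example, not part of the original message: one way to list installed packages that come from a component other than main or restricted, by parsing `apt-cache policy` output. The function names are hypothetical, the sample output is constructed with placeholder version numbers, and treating main and restricted as the security-team-maintained components is an assumption taken from the Ubuntu repository documentation cited as [1].

```shell
# Print "package component" for the installed version of every package
# described in `apt-cache policy` output read from stdin.
installed_component() {
    awk '
        function emit() { if (pkg != "" && seen) print pkg, (comp == "" ? "unknown" : comp) }
        /^[^ ].*:$/  { emit(); pkg = substr($0, 1, length($0) - 1); seen = 0; cur = 0; comp = ""; next }
        /^ \*\*\* /  { seen = 1; cur = 1; next }   # stanza of the installed version
        /^     [^ ]/ { cur = 0; next }             # stanza of any other version
        cur && comp == "" && /^        [0-9]/ && index($3, "/") { split($3, a, "/"); comp = a[2] }
        END { emit() }
    '
}

# Keep only packages whose component is neither main nor restricted (assumption).
outside_supported() {
    installed_component | awk '$2 != "main" && $2 != "restricted"'
}

# Constructed sample of `apt-cache policy` output; versions are placeholders.
sample_policy() {
cat <<'EOF'
claws-mail-fancy-plugin:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
 *** 1.0-1 500
        500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        100 /var/lib/dpkg/status
libwebkitgtk-1.0-0:
  Installed: 1.0-1
  Candidate: 1.0-1
  Version table:
 *** 1.0-1 500
        500 http://archive.ubuntu.com/ubuntu xenial/universe amd64 Packages
        100 /var/lib/dpkg/status
openssl:
  Installed: 1.0-2
  Candidate: 1.0-2
  Version table:
 *** 1.0-2 500
        500 http://security.ubuntu.com/ubuntu xenial-security/main amd64 Packages
        100 /var/lib/dpkg/status
     1.0-1 500
        500 http://archive.ubuntu.com/ubuntu xenial/main amd64 Packages
EOF
}

# On a real system: apt-cache policy $(dpkg-query -W -f='${Package}\n') | outside_supported
sample_policy | outside_supported
```

Third-party sources such as PPAs usually also name their component "main", so a result of "main" only means something for entries served from the Ubuntu archive hosts.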