this post was submitted on 23 Nov 2025
767 points (98.4% liked)
linuxmemes
28106 readers
977 users here now
Hint: :q!
Sister communities:
Community rules (click to expand)
1. Follow the site-wide rules
- Instance-wide TOS: https://legal.lemmy.world/tos/
- Lemmy code of conduct: https://join-lemmy.org/docs/code_of_conduct.html
2. Be civil
- Understand the difference between a joke and an insult.
- Do not harrass or attack users for any reason. This includes using blanket terms, like "every user of thing".
- Don't get baited into back-and-forth insults. We are not animals.
- Leave remarks of "peasantry" to the PCMR community. If you dislike an OS/service/application, attack the thing you dislike, not the individuals who use it. Some people may not have a choice.
- Bigotry will not be tolerated.
3. Post Linux-related content
- Including Unix and BSD.
- Non-Linux content is acceptable as long as it makes a reference to Linux. For example, the poorly made mockery of
sudoin Windows. - No porn, no politics, no trolling or ragebaiting.
4. No recent reposts
- Everybody uses Arch btw, can't quit Vim, <loves/tolerates/hates> systemd, and wants to interject for a moment. You can stop now.
5. π¬π§ Language/ΡΠ·ΡΠΊ/Sprache
- This is primarily an English-speaking community. π¬π§π¦πΊπΊπΈ
- Comments written in other languages are allowed.
- The substance of a post should be comprehensible for people who only speak English.
- Titles and post bodies written in other languages will be allowed, but only as long as the above rule is observed.
6. (NEW!) Regarding public figures
We all have our opinions, and certain public figures can be divisive. Keep in mind that this is a community for memes and light-hearted fun, not for airing grievances or leveling accusations. - Keep discussions polite and free of disparagement.
- We are never in possession of all of the facts. Defamatory comments will not be tolerated.
- Discussions that get too heated will be locked and offending comments removed. Β
Please report posts and comments that break these rules!
Important: never execute code or follow advice that you don't understand or can't verify, especially here. The word of the day is credibility. This is a meme community -- even the most helpful comments might just be shitposts that can damage your system. Be aware, be smart, don't remove France.
founded 2 years ago
MODERATORS
you are viewing a single comment's thread
view the rest of the comments
view the rest of the comments
as far as I understand it, they aren't directly from upstream, canonical makes or backports those patches.
that's the whole point, subscribing gets you patches before the devs of the packages do for that version
Why would anyone want this?
to close security vulnerabilities on their servers faster
Exactly. But the corporations do it because it benefits them more than starting from scratch. They should release all changes to the central repository for all to consume as part of the agreement to get the benefit of the already created software. Not hold onto the patches to give them to their customers and people who pay them with their personal information.
Everything that's in
maingets released to everyone with the security fixes. Canonical's security team works on those.The stuff in the
universerepo is owned by the Ubuntu community (not by Canonical), so anyone can submit those fixes, but it depends on the Masters of the Universe, who are all volunteers, to get it upstreamed.The extra Ubuntu Pro updates for the
universerepo come from when someone who's paying for Ubuntu Pro asks Canonical to make a patch. The source is still available to anyone, so someone could take that patch and then submit it to the community who maintains theuniverserepo.Once the 5 years of standard support ends, then the only way to get additional fixes is through Ubuntu Pro, but if Canonical writes those fixes they also submit them back upstream (as opposed to if they grab a specific patch from upstream β and even then it's still available on Launchpad regardless.
The reason nobody's made a CentOS but for Ubuntu Pro is that it's way easier to submit the patches through the community (and become part of that community who approves packages) than it is to spin up all the infrastructure that would be needed.
But why are the patches kept separate at all. Especially if it's a copyleft licensed code they're patching. Many of those require release of the code. And the spirit of that was to make companies who profit off of the code release anything they add as they add it. Otherwise, they're welcome to instead of taking open source code and patching it, creating closed source code from scratch without using any of the code from the open source version and selling that. It's very simple. The license says, you want this code, you're welcome to it, but release any fixes or improvements you make do we all benefit, not just developers, but users all benefit. If they keep it locked up, even if they release it as a patch that's not accessible to the large majority of users, then it's violating the spirit if in some cases not the letter of the license.
...that's not what they're doing though?
Those patches get either pulled from upstream or built in-house and shared to upstream. Just like in Debian, and just like in the regular Ubuntu releases, the package is based on some upstream version and then the deb packaging applies the patch sets as listed in the diff tarball.
Here's what the latest kernel for Ubuntu 26.04 look like: https://launchpad.net/ubuntu/+source/linux/6.17.0-6.6
Those same tarballs are available for any Ubuntu package by running
apt source <pkg>as long as you've configured the matchingdeb-srcrepositories.