[josephcsible]

> Canonical has never provided security updates for universe packages until this week

Is that true, though? Until now, wasn't it just that they weren't guaranteed? Didn't Canonical make security patches available in universe on a "best-effort" basis, or at least say they did?

[failsecure]

I'm not sure as I've never followed how OSS projects get patched w.r.t security in particular. I've always groaned at my employer for running EOL operating systems and tell them about upgrading to a supported OS to prevent getting into this type of situation.

My reasoning was that if we were running a supported version of $oss_project then we'd get security updated naturally.