[markshuttle]

Not true.

The Canonical security team and wider Ubuntu contributors will still make best efforts to update universe. Neither the team nor I are interested in degrading a prior experience for our free users. We know what the criteria were for those best-effort universe updates, and they remain unchanged.

What's changed is that there is now a much larger team that will systematically fix every high and critical vulnerability in universe, with an SLA. That's a huge improvement, it's great for enterprise users, it enables people to use Ubuntu in regulated and mission-critical environments. It also makes me very happy that we give it free for personal use on 5 machines.

[josephcsible]

If Canonical is doing all the work to make the updated packages, but is then withholding most of them from the free universe repo, how is that "best effort"?

[markshuttle]

We have a set of criteria for things we always did in universe, and we'll keep doing those things, as will other members of the Ubuntu community. Even without Pro you are better off using Ubuntu than another free distro if you care about security updates- there are more free updates, even in universe, than in equivalent open-ended repos anywhere else. Pro just makes that open-ended repo much better, and adds an SLA for people who have to report on security patch compliance.

Over the years, companies have started asking us to do more for them in universe, and now that body of work is available to all customers. We are making it freely available to you and others under a personal subscription. I think that's rather elegant, I hope more and more companies see Ubuntu Pro as a very cost-effective way to get full compliance for their estates, and I hope we can keep growing the set of things we make available for free as a result.

If you look at the range of packages covered, and the numbers of issues addressed, it's way, way more than any other enterprise Linux offering. If it were possible to provide enterprises with this level of security update coverage for free, then I'm sure someone would have figured out how to do that. I couldn't figure out how to fund full security coverage of universe without having customers for that work. In the end, I think the Ubuntu Pro free personal subscription is a very nice way to balance what are ultimately conflicting desires between people who quite understandably want more and more for free, and people who are able to buy the work that they need.