by r4indeer 970 days ago
What does this have to do with ImageMagick? They don't control the versions packaged by Canonical [0]. The bug you referenced is fixed in upstream, which you can access for free on GitHub.

Ubuntu users on 22.04 LTS or later are also unaffected, because the release came with a version that was already patched [1]. If you upgrade to a newer Ubuntu release, there is no need to pay for ESM.

Your comment makes it sound like the ImageMagick developers want money specifically from Ubuntu users to receive security patches, which is not true.

[0] https://github.com/ImageMagick/ImageMagick/discussions/6805#...

[1] https://ubuntu.com/security/CVE-2022-48541

Edited to add some links.

1 comments

You appear to be leaping to the wrong conclusion. The problem is Canonical charging money for security updates. CentOS, Alma, Rocky, Fedora, Debian, openSUSE, Arch, and 300+ other Linux distros don't charge money for security updates either. The moral of the story is "Don't use enshittifying corporate Linux distros run by crazy people."

This still has nothing to do with the ImageMagick developers, which the original comment implies: "Compare [sic] to codesign, vulnerability management is more concerning."

You are free to criticize Canonical for their business model, but that seems off-topic to me right now.

The problem of Canonical charging money for security updates is off-topic when we're discussing ImageMagick's code-signing troubles on Windows.

That's your opinion, and I don't care for your attempts to shut people down. Kindly control people on the rest of the internet. :peace: