You know, Ubuntu support is confusing. When I write ubuntu-support-status, it keeps telling me I have unsupported packages on 16.04. I regularly do update. I've learned Canonical leave these packages to focus on development. But I think it's dangerous. If package is not being maintained anymore then it's a security flaw. Even on mailing list (IRC) people explained me Ubuntu support stuff but it seemed a bit annoying for me because it seemed I was right to worry.

How secure is Ubuntu compared to Arch, Fedora, openSUSE or Debian like other distros ?

Note: Yeah, I've Googled it first many times and I've seen lots of similar questions on Google but most people asked wrong question or some people gave irrevelant answers so I felt like to ask it for myself.I couldn't get a good answer for my question. Please, I just want your opinion about it.

Do you have a specific concern about a specific package? That might be a good starting point for a conversation.

Generally speaking, Ubuntu has an excellent reputation for security and is widely used in business, science, education, government, etc. Here are some good resources to start learning about security in Ubuntu: https://ubuntuforums.org/showthread.php?t=510812

Any specific questions, i.e. specific threats that concern you, or specific packages that you are looking for instructions to bring up-to-date?

1 members found this post helpful.

and around 19.04 (the next LTS release) we'll have or should have zero.

Something wrong?
Are they packages you installed?

No, I don't have a specific package in my mind. I'm talking system wide security. I've checked from my mom's laptop and felt stupid;

Unsupported packages;
Gstreamer, libavcodecs, unrar, ttf-mscorefonts, unity-tweak, compizconfig, ubuntu-restricted like :/

I guess this is because of legal issues, right ?

A package might be old, therefore "unsupported," and still work just fine. (ttf-mscorefonts is a great example, because it consists of TrueType™ Fonts!)

You need to do a little research to see if any security vulnerabilities have been reported in the packages that you use. If there is a more recent version of any package then it's probably a good idea to upgrade to it.

I think "sudo ubuntu-support-status --show-unsupported" reports all packages installed through a 3rd party repository. My system is up-to-date and the command reports mariadb-* mythtv-* and so on as unsupported. Most, if not all of them, are installed through a PPA.

output please.

The "restricted" is a fair and reasonable deduction.
+1
tho' not all packages fall into that category?

For any package, you can use 'apt-cache policy' to learn more. For example:

By default, Ubuntu only installs software from the Main repository of Canonical-supported open source application. Because open source is all about freedom, the user is free to install unsupported software from other repositories including Universe, Restricted, Multiverse, and various third-party PPAs. I bet if you do an 'apt-cache policy' for each of the packages you mentioned, you will see they don't come from the Canonical-supported Main repository, they come from some other repository, and that is why they are showing as unsupported. For example Microsoft fonts, why should Canonical list that as "supported" by them when it is a closed source proprietary Microsoft product provided as-is?

More info here about Ubuntu repositories: https://help.ubuntu.com/community/Repositories/Ubuntu

1 members found this post helpful.

Thanks for your attention/information. My mind is clear now and I got all answers I wanted. Thanks for great support, have a nice day

Go TeamLQ!

1 members found this post helpful.