0

I'm running Ubuntu 18.04 LTS, which has an EOL date of April 2023.
go1.10 is included as part of Ubuntu 18.04's main repository. This is already considered EOL. (https://endoflife.date/go)

According to https://ubuntu.com/about/release-cycle

The base system receives a commitment to public maintenance for the period where it is the current LTS or interim release and for a period thereafter.

This seems to indicate that go1.10 included with Ubuntu 18.04 is still "supported" as part of Ubuntu's LTS.

What does this mean in practice? Is the go1.10 package shipped with Ubuntu 18.04 still considered maintained? If there's a security vulnerability, does Canonical take responsibility for fixing it (either by updating the version available in the repo, or backporting fixes etc)?

sheepbrew
  • 227
  • 2
  • 3
  • 2
    Note that even skilled & experienced maintainers do not always get backports right & on time, so the question might not just be **if** it is supported by someone, but whether that **level of support** fits your threat model and tolerance for regressions. – anx Nov 13 '20 at 10:55

1 Answers1

2

It is common that distributions publish their own security patches regardless of the actual developers of the original software and this way extends the support. This support is typically limited to fixing security problems; using LTS means getting security fixes for a long time without getting any new features.

Esa Jokinen
  • 43,252
  • 2
  • 75
  • 122