ubuntu-support-status returns inaccurate information

Bug #1574670 reported by Marc Deslauriers on 2016-04-25
350
This bug affects 11 people
Affects Status Importance Assigned to Milestone
update-manager (Ubuntu)
High
Adam Conrad
Precise
Undecided
Unassigned
Trusty
Undecided
Unassigned
Wily
Undecided
Unassigned
Xenial
High
Unassigned
Yakkety
Undecided
Unassigned
Artful
High
Adam Conrad

Bug Description

ubuntu-support-status returns inaccurate and misleading information.

It uses the Supported field in the Packages file which hasn't been used or updated since Ubuntu 10.04 LTS and earlier releases when we had a 3 year/5 year support split between desktop and server. (See https://wiki.ubuntu.com/SecurityTeam/FAQ#Official%20Support)

It also uses the term "unsupported" instead of "community-supported" which doesn't accurately portray the status of universe packages.

This tool should be rewritten to return more accurate results, or simply removed completely.

Changed in update-manager (Ubuntu Precise):
status: New → Confirmed
Changed in update-manager (Ubuntu Trusty):
status: New → Confirmed
Changed in update-manager (Ubuntu Wily):
status: New → Confirmed
Changed in update-manager (Ubuntu Xenial):
status: New → Confirmed
Changed in update-manager (Ubuntu Yakkety):
status: New → Confirmed
Pjotr12345 (computertip) wrote :

Thanks for taking this matter up. Please provide a rewritten tool that does give accurate information....

This issue has already created worries on several Linux fora, as a consequence of this article in a reputable German IT magazine:
http://www.heise.de/ct/artikel/Ubuntu-LTS-Langzeitpflege-gibt-es-nur-fuer-das-Wichtigste-3179960.html

If German is not your strong point: the article accuses Ubuntu of breaking its LTS promise, mainly on the basis of the output of ubuntu-support-status.

It would help a lot to rebuild confidence in Ubuntu LTS support, if we would have a rewritten tool that does give correct information about the support timespan for the installed packages in Ubuntu.

Soul-Sing (soulzing) wrote :

@Marc:"Short answer: don't use ubuntu-support-status, it doesn't work."
Would you be so kind to elaborate this answer?

Marc Deslauriers (mdeslaur) wrote :

As described in the description of this bug, it uses the Supported field in the Packages file which doesn't contain accurate information for now. The output of the tool is therefore wrong.

We are looking into updating the Supported field for Ubuntu 16.04, and releasing an updated ubuntu-support-status tool for earlier releases that will return accurate information.

Pjotr12345 (computertip) wrote :

Thanks for the information about the progress. This matter has the potential of generating a lot of unnecessary bad publicity (it already did so in Germany), so hopefully you guys will be able to fix it quickly.... :-)

Thorsten Leemhuis (thleemhuis) wrote :

@Marc: You wrote "The output of the tool is therefore wrong."
Then it might be a good idea to update http://www.ubuntu.com/info/release-end-of-life, as that's a very prominent place that suggest to use this tool (to Quote: """[…]
This command will print the exact status of your system.
$ ubuntu-support-status """

Brian Murray (brian-murray) wrote :

The supported field for Yakkety is correct, so I'm setting that task to Fix Released.

bdmurray@bizarro:~$ zgrep Supported: /mnt/storage/archive-mirror/dists/yakkety/main/binary-amd64/Packages.gz | sort | uniq -c
   7414 Supported: 9m
bdmurray@bizarro:~$ zgrep -c ^Package: /mnt/storage/archive-mirror/dists/yakkety/main/binary-amd64/Packages.gz
7414

Changed in update-manager (Ubuntu Yakkety):
status: Confirmed → Fix Released
Marc Deslauriers (mdeslaur) wrote :

I'm not sure the supported field for Yakkety is in fact correct...it shows universe packages as being supported:

$ zgrep Supported: yakkety/universe/binary-amd64/Packages.gz | sort | uniq -c
     13 Supported: 9m

Moritz (moritz-naumann) wrote :

From a user perspective, ubuntu-support-status has not just been not working, but has been providing false / misleading information across the past two or three LTS releases. There is no hint on this fact available anywhere but no this bug report. Plus (to my knowledge) there is no other utility which provides reliable information on a systems' support status.

As a user, this provides me with discomfort. Maybe, as a first step, it would be good to SRU a patch which just suggests to take the utilities' output with a grain of salt?

Nish Aravamudan (nacc) on 2017-06-29
Changed in update-manager (Ubuntu):
status: Fix Released → Confirmed
Changed in update-manager (Ubuntu Yakkety):
status: Fix Released → Confirmed
Scott Moser (smoser) wrote :

I just stumbled across this in bug 1701312.
I'd like to point out that the tool claims there are unsupported packages installed by default in our official Ubuntu Images (lxd or other) in the current LTS. That seems to add to the gravity of the issue.

Changed in update-manager (Ubuntu Xenial):
importance: Undecided → High
Achim Behrens (k1l) wrote :

The issue seems to be, that ubuntu-support-status reads the package information about support timeframe and some maintainers get confused or mix or forget to set the proper timeframe for the LTS releases to 5 years (for the main repo).

On a 16.04 machine it lists python-dbg as unsupported. the reason is its set to 9month support:

> apt show python-dbg
Package: python-dbg
Version: 2.7.11-1
Priority: extra
Section: python
Source: python-defaults
Origin: Ubuntu
Maintainer: Ubuntu Developers <email address hidden>
Original-Maintainer: Matthias Klose <email address hidden>
Bugs: https://bugs.launchpad.net/ubuntu/+filebug
Installed-Size: 25,6 kB
Depends: python (= 2.7.11-1), libpython-dbg (= 2.7.11-1), python2.7-dbg (>= 2.7.11-1~)
Homepage: http://www.python.org/
Supported: 9m
Download-Size: 1.252 B
APT-Sources: http://de.archive.ubuntu.com/ubuntu xenial/main amd64 Packages
Description: Debugversion des Python-Interpreters (Version 2.7)
 Dieser Python-Interpreter wurde mit --pydebug konfiguriert. Dynamisch
 ladbare Module sucht er zuerst in /usr/lib/python2.7/lib-dynload/debug.

So what is the correct path now? file bugs for every Package where the maintainers set the Support timeframe to 9 months?

tags: added: rls-aa-incoming
Achim Behrens (k1l) wrote :

I marked the bugreports for packages affected by this on my system as duplicates:
Bug #1710718
Bug #1710719
Bug #1710720
Bug #1710721

Steve Langasek (vorlon) on 2017-08-17
Changed in update-manager (Ubuntu):
importance: Undecided → High
Changed in update-manager (Ubuntu Yakkety):
status: Confirmed → Won't Fix
Changed in update-manager (Ubuntu Wily):
status: Confirmed → Won't Fix
Changed in update-manager (Ubuntu Precise):
status: Confirmed → Won't Fix
Steve Langasek (vorlon) on 2017-08-24
tags: removed: rls-aa-incoming
Changed in update-manager (Ubuntu Artful):
assignee: nobody → Brian Murray (brian-murray)
assignee: Brian Murray (brian-murray) → Adam Conrad (adconrad)
tags: added: id-5995b3994d7b93bc9b37fad9
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :
Marc Deslauriers (mdeslaur) wrote :

(need to s/supported_by_who/supported_by_whom/ or supported_by in final version of fix) (Thanks ratliff!)

tags: added: patch
Brian Murray (brian-murray) wrote :

This looks fine to me but I thought our intent was to fix it in the archive. I'll bring this up with the Foundations team tomorrow.

Marc Deslauriers (mdeslaur) wrote :

I'm only overriding the archive Supported tags in trusty and xenial. I was told we couldn't regenerate the release pocket to fix it.

To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers