[20:35] <X7> If a package is maintained by MOTU, does this mean it doesn't have a single person maintaining it, but a whole group?
[20:37] <Unit193> Well, kinda really means it has no maintainer and just relies on syncs from Debian unless there's 'ubuntu' in the version.  Ubuntu as a whole operates under group/team maintaining packages though.  Eg, the server team has a set they're interested in.
[20:37] <Unit193> MOTU is basically a catch all, so unless someone has a specific interest they could often go neglected.
[20:39] <X7> Well some packages that are orphaned in debian are listed as MOTU developers as maintainers. Is that the same thing as saying that it's orphaned also? Because I don't like how debian maintainers can just drop it whenever even during a lifecycle of an OS release.
[20:42] <Unit193> Orphaned in Debian means everyone is free to upload, so basically means the same as MOTU in Ubuntu.
[20:46] <X7> I don't know if you can answer this, but if I paid for ubuntu pro, I'm no longer getting it from the community who may not be actually maintaining it, but I'm guaranteed support from canonical directly?
[20:47] <Unit193> Nope, not as far as I'm aware.  Canonical only covers main and restricted AFAIK.
[20:50] <Unit193> (Note: I'm not a core dev, I only have access to upload to universe.  But that does mean I've been around a little. :P)  In practice I *think* the security team sometimes convers something in universe, but don't quote me on that.
[20:58] <tumbleweed> you get no guarantees
[20:59] <X7> Unless I pay for the full pro subscription which includes security patches for universe tumbleweed. Only $25 dollars for one desktop? Not a bad deal.
[21:02] <rbasak> https://ubuntu.com/pro says it includes universe.
[21:02] <tumbleweed> it doesn't say the whole of universe, though
[21:02] <rbasak> https://ubuntu.com/legal/ubuntu-pro-description
[21:03] <rbasak> "Full Ubuntu Pro subscriptions also cover packages in the Ubuntu Universe repository between the Release date and End of Life. This coverage is not included in Ubuntu Pro (Infra-only) subcriptions, with or without support."
[21:03] <tumbleweed> cool :)
[21:04] <X7> It's sad to say, but volunteers simply don't have the resources or manpower to maintain an OS. That's why your only sane choices are either red hat or ubuntu because they have corporate backing.
[21:04] <tumbleweed> still "best effort", but it has to be, really
[21:04] <X7> There's 3 different tiers for pro, you have to pay for the highest one to no longer be best effort.
[21:04] <tumbleweed> X7: this is just security support, not everything it takes to maintain an OS
[21:04] <tumbleweed> generally there hasn't been that much community involvement in security
[21:05] <tumbleweed> a little more in OS development, but still not really enough to maintain universe properly
[21:08] <tumbleweed> it's a complex thing. volunteers generally don't have the resources to make commitments far into the future, especially for work that's not "fun". And companies don't have the resources to "waste" on things outside the areas they decide to focus their energy. And these focusses shift. So, to make it all work, you need a bit of both
[21:28] <Unit193> Gets even more fun when you file a security bug, attach a debdiff, then months go by and you still haven't heard anything. \o/
[21:31] <rbasak> :-(
[21:31] <rbasak> Any of those still outstanding?
[21:32] <Unit193> Yeah but I lost all interest in it, so no point following up.  I think Jammy was released since, so new LTS.
[21:32] <rbasak> If it happens again, please let me know and I'll chase.
[21:34] <Unit193> https://bugs.launchpad.net/ubuntu/+source/atheme-services/+bug/1960097 no longer affects current LTS, I might as well close it.
[21:34] -ubottu:#ubuntu-motu- Launchpad bug 1960097 in atheme-services (Ubuntu) "atheme-services impersonation vulnerability" [Undecided, New]
[21:36] <rbasak> ~ubuntu-security-sponsors wasn't subscribed to that.
[21:36] <rbasak> So it won't have shown up in the securty sponsorship queue
[21:36] <rbasak> https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue has details
[21:36] <Unit193> So I picked the wrong security thing to subscribe, nice.  User error, OK.
[21:37] <rbasak> Either way, please do chase when needed. Chasing will also identify user errors :)
[21:37] <Unit193> FWIW icecast2 uploads have always been accepted.
[21:48] <tumbleweed> rbasak: I have one that they are subscribed to :)
[21:48] <tumbleweed> but I chased last week, so I'll wait a little longer
[21:52] <Unit193> (FWIW, I had followed up on IRC on that bug.  Anyway.)