I upgraded from Lubuntu 20.04 to 22.04
I tried to upgrade to 24.04 which seems unavailable to me, but I am fine with that.
~$ sudo apt dist-upgrade
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
Calculating upgrade... Done
The following security updates require Ubuntu Pro with 'esm-infra' enabled:
python3.8-minimal libpython3.8-stdlib python-apt linux-generic-hwe-20.04
libssl1.1 python3.8 libpython3.8-minimal
Learn more about Ubuntu Pro at https://ubuntu.com/pro
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
This suggests that the 7 mentioned packages are outdated and present security risks, so I want to remove them. I verified that linux-generic-hwe-20.04 should be unnecessary by ensuring I have a newer version:
~$ dpkg -l | grep linux-generic-hwe
ii linux-generic-hwe-20.04 5.15.0.164.159 amd64 Complete Generic Linux kernel and headers (dummy transitional package)
ii linux-generic-hwe-22.04 6.8.0-90.91~22.04.1 amd64 Complete Generic Linux kernel and headers
I then attempted to remove linux-generic-hwe-20.04:
~$ sudo apt-get remove linux-generic-hwe-20.04
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
The following packages were automatically installed and are no longer required:
linux-generic-hwe-22.04 linux-headers-generic-hwe-22.04
Use 'sudo apt autoremove' to remove them.
The following packages will be REMOVED
linux-generic-hwe-20.04
0 to upgrade, 0 to newly install, 1 to remove and 0 not to upgrade.
After this operation, 21.5 kB disk space will be freed.
Do you want to continue? [Y/n]
The “no longer required” line concerned me. This suggests that if I remove linux-generic-hwe-20.04 now, then linux-generic-hwe-22.04 which I presumably need will be removed next time I run autoremove. So I declined to remove linux-generic-hwe-20.04. Currently, autoremove does not want to remove anything:
~$ sudo apt-get autoremove
Reading package lists... Done
Building dependency tree... Done
Reading state information... Done
0 to upgrade, 0 to newly install, 0 to remove and 0 not to upgrade.
But I assume that if I were to have gone through with the removal of linux-generic-hwe-20.04, autoremove would then remove linux-generic-hwe-22.04, which I assume would break my system.
Am I missing anything? If not, why do the devs allow this? A common command for an automatic upgrade (apt dist-upgrade) tells me that linux-generic-hwe-20.04 is outdated and insecure, so any security-conscious user (even a beginner) would want to remove it and assume it’s okay to remove it (which it theoretically is), but then the next time said beginner ran autoremove, their system would break (not that I’m not a beginner, but at least I know enough to have been concerned when I saw the “no longer needed” line and stopped what I was doing).
And, should I be removing linux-generic-hwe-20.04 since it supposedly will not receive security updates anymore? Is its presence on my system a risk? I don’t want Ubuntu Pro. More information about my system if it matters:
~$ uname -a
Linux administrator-laptop 6.8.0-90-generic #91~22.04.1-Ubuntu SMP PREEMPT_DYNAMIC Thu Nov 20 15:20:45 UTC 2 x86_64 x86_64 x86_64 GNU/Linux
~$ lsb_release -a
No LSB modules are available.
Distributor ID: Ubuntu
Description: Ubuntu 22.04.5 LTS
Release: 22.04
Codename: jammy
Regarding the other packages that are supposedly not going to receive security updates without Ubuntu Pro: I removed Python3.8 and related packages, but I still have python-apt which I believe is necessary even for Python3.10 (which is what I have now) and libssl1.1 which is necessary for RuneScape. Is any security risk presented by keeping these packages installed, since they are supposedly not going to receive security updates if I don’t use Ubuntu Pro?
Given that Debian users use Python 3.10 and RuneScape, surely there is a way to maintain security updates for python-apt and libssl1.1 without an Ubuntu Pro account since Python 3.10 and RuneScape seem to depend on them?
