Linux distributions long term support might not be what you think it is
Published on 2022-04-01.
Since I wrote The delusions of Debian, I have received a lot of email. I have therefore decided to do a small follow-up about the true meaning of Long Term Support (LTS).
Let's begin by getting the meaning of the term upstream right. As the Wikipedia article mentions, upstream refers to a direction toward the original authors or maintainers of software. In short, when we talk about upstream developers, we talk about the people who are actually doing the programming, i.e. making the software.
A third party package in a Linux distribution or BSD variant, is a piece of software developed by someone else. Hence, PHP or PostgreSQL is a third party package.
On e.g. Arch Linux I can install PostgreSQL with the command:
# pacman -S postgresql
On e.g. FreeBSD it is:
# pkg install postgresql16-server
A third party package maintainer in a Linux distribution or a BSD variant, can be that very same person who also develops the software, i.e. he or she is from upstream, but in many cases that's not the case. In most cases a package maintainer is simply someone who has volunteered some amount of his or hers free time to keep that specific software in the package repository so that you, the user, can easily install it with a package manager like
pacman from Arch Linux or
pkg from FreeBSD.
This means that when a project like Debian states that:
Debian's free of charge Long Term Support (LTS) version extends the lifetime of all Debian stable releases to at least 5 years. Additionally, the commercial Extended LTS initiative supports a limited set of packages for more than 5 years.
With regard to third party packages then that sorely depends upon whether or not upstream ALSO provides long term support!
Understandingly, this is where most misunderstandings occur.
The Debian website (and many other Linux distributions websites as well) doesn't say that this so-called long term support is dependent upon whether or not upstream also provides long term support. For an open source software developer or a package maintainer, this is obvious, but for many regular users, it is not so obvious because how exactly is a package made? What exactly is e.g. a Debian developer? How much of Debian does he or she actually develop? Does the package maintainer do any coding? Etc.
A Linux distribution cannot normally provide any kind of long term support for any kind of third party software if such software is no longer supported by upstream.
Upstream might simply stop development all together. Or maybe they just don't provide any long term support for older versions of their software, they only provide support for bleeding edge. In such a situation, the Linux distribution has no choice but to either neglect the package, update it to the latest bleeding edge version, even if that goes against their policy, or hope that perhaps someone involved in the distribution has the necessary skills to program a fix for a possible bug or security issue and then push that to upstream.