I know I don’t have reach { nor do I desire it ;) }, however it bears repeating that even if Canonical (sponsors of the Ubuntu project) aren’t releasing insecure project updates then they are almost definitely confusing their (free?) users if the packages being released are insecure.
I have already mostly switched to debian distributions myself which or may not be secure but feels like a more trustworthy promise. To fix the underlying publishing insecurity some form of sponsorship in sweat or money will likely need to be (re?-)made.
flu0r1ne via Hacker News spawned my personal concern
— LostLetterbox