Is this a joke? Canonical, please stop supporting Dapper NOW!

[zugu]

I know people around here like to think Windows is insecure, but here's what I found while browsing Launchpad:

96 open CVE bugs in Ubuntu Dapper

Some of the vulnerabilities have been reported in 2007. I mean, is this a joke? For an 'enterprise-ready', LTS release this is unacceptable. You'd have to be out of your mind to install this in a production environment, but what about people who already installed it years ago, hoping Canonical would provide support and security patches?

Look at this VLC media player CVE report. It's been reported in the middle of 2007. Not only it's not fixed in the middle of 2009, it's been closed as "Won't Fix" for other, EOL'd Ubuntu releases. Now it's as if they want Dapper to die so that they can close the bug with the same "Won't Fix".

Dapper's Squirrelmail is also in a very, very bad situation. Ruby. PHPMyAdmin. Wordpress. Python. Lighttpd. Java. OpenSSL. Jesus Christ, this is insane!

I honestly hope they just remove Dapper from all Ubuntu mirrors, the thing is riddled with gaping security holes it's obvious they won't lift a finger to fix. So better remove it and tell everyone who installed it to replace it with some newer Ubuntu version, or even another OS.

Canonical, please stop official support for Dapper now! It's not as if you're offering any, anyway, but at least you make people aware of the huge risks they're taking everyday they continue to use Dapper on their servers and workstations.

[Giant Speck]

Canonical is ending support for Dapper Drake this month.

[zugu]

Canonical is ending support for Dapper Drake this month.

So for most of its miserable life, Dapper was a failure. I'm sure Canonical will be relieved to see it die, just like with other EOL'd releases.

[Giant Speck]

So for most of its miserable life, Dapper was a failure. I'm sure Canonical will be relieved to see it die, just like with other EOL'd releases.

I'm sure not enough people use Dapper for it to really be of any concern now anyway.

[zugu]

I'm sure not enough people use Dapper for it to really be of any concern now anyway.

Such a professional attitude. </sarcasm> MS provides security patches to Windows XP since 2001 and it will continue to do so until 2014. Canonical announces 5 years of support on the server, only to tell people "you're not meaningful enough for us to do what we said we'd do".

And it's not about cutting support, it's about critical security bugs that were open for 2 years! 2 years of exposing your users to shocking vulnerabilities (just read the CVE documentation for the VLC bugs, it makes you shiver).

How is this professional again?

I vow not to use any Canonical product again.

[handy]

I had Dapper running on a machine for the best part of 2 years & never had any security problems, it did things for me that later releases would not do on the same hardware.

I don't know what you are complaining about, I consider you to be creating a storm in a tea cup.

If there had of been serious security issues with Dapper, we would all have been familiar with them a looong time ago, as the forum would have been hearing all of the tales of woe.

Your attempt at making such a big splash OP, seems to be a year or so too late as it is happening at such a crucial time in the life of Dapper (the end of it) that I think in reality you are a troll. Whether you know it or not is another question.

[Giant Speck]

MS provides security patches to Windows XP since 2001 and it will continue to do so until 2014. Canonical announces 5 years of support on the server, only to tell people "you're not meaningful enough for us to do what we said we'd do".

The difference between XP and Dapper is that XP, while being extremely outdated, is still the most-used Windows version (around 68% of computer users still use XP). Dapper is likely used by a very small minority of Ubuntu users.

[handy]

Don't feed them, they only grow.

[gn2]

MS provides security patches to Windows XP since 2001 and it will continue to do so until 2014.

Hmmm maybe by 2014 they'll have fixed the (up to) "Extremely Critical" unpatched vulnerabilities that remain outstanding.

http://secunia.com/advisories/product/16/
http://secunia.com/advisories/product/22/

And that's just the ones that are known about in the OS itsself, it doesn't address vulnerabilities that remain undisclosed or those in the many thousands of applications that can be run on the XP operating system.

I vow not to use any Canonical product again.

Ubuntu is not a Canonical "product".

[Giant Speck]

Ubuntu is not a Canonical "product".

Wait... then what is it?