The announcement of ROS ESM made me wonder: is Canonical essentially forking Kinetic, Melodic and Noetic?
The Ubuntu blog wasn’t completely clear about it. It states:
Even if your ROS distribution hasn’t reached its End-Of-Life (EOL), you can count on backports for critical security updates and common vulnerabilities and exposures (CVE) fixes for your ROS environment.
With ROS ESM, we have also included security and updates PPAs for core ROS packages. We will continue to backport critical security updates and bug fixes for ROS, for EOL and non-EOL distributions starting with ROS 1 Kinetic.
As security is such a cross-cutting and ubiquitous concern, will those fixes be contributed upstream as well?
Especially in cases where “your ROS distribution hasn’t reached its End-Of-Life” yet, that would seem to be the proper thing to do.
Anyone from OR?