Thunderbird 78 has been backported to Ubuntu 20.04 LTS — no PPAs, Snaps, or Flatpaks required!
Ubuntu 20.04 LTS shipped with Thunderbird 68.x but this version is no longer supported upstream. This leaves Ubuntu developers will a problem: backport individual security fixes to Thunderbird 68, or port the newer (and still-supported) Thunderbird 78 to LTS users?
Understandably, Ubuntu devs opted for the latter choice.
“Thunderbird 68 is no longer supported by upstream. We don’t expect it to be practical to backport security fixes to Focal indefinitely. It has therefore become necessary to move to Thunderbird 78.x,” explains Ubuntu’s Oliver Tilloy.
I imagine a few people reading this will be surprised to learn that Ubuntu doesn’t automatically backport new versions of Thunderbird when released. After all, it does provide frequent updates to Mozilla Firefox.
So what gives?
Well, you need to remember that stability is a key selling point of a long-term support release. And stability only comes from having a solid foundation of dependable, interlocking pieces. New feature releases are cool, but they’re also terrible: they bring bugs, package conflicts, regressions, and other uncertainties with them, uncertainties that could affect other parts of the system.
Without going off on a tangent this is sort of why Snap apps were created; to allow LTS users to safely use newer software on older release, decoupled from the rest of the system.
As if to underline the cautious nature requires, Ubuntu devs warn of “disruption” to come from this stable-release upgrade.
Enigmail, for instance, is deprecated now that Thunderbird has a native PGP solution. This will impact LTS users relying on the plugin (not to mention a few other ones that haven’t been updated to work with Thunderbird 78.x).
“Users of Ubuntu 20.04 not wishing to update beyond Thunderbird 68.x may instruct apt to hold or pin the package, but this is not recommended as the package will no longer receive security updates,” Tilloy notes.
Riding the LTS series? I’d love to know what you think about this. Do you welcome this update? Or would you rather risk running an insecure version for the sake of predictability? Let me know down in the comments!