Canonical is making the security patches.
Also, you don’t have to release your source code changes to the public. You only have to release your changes to those who have access to the product.
That being said, Canonical probably does release the source code changes for their security fixes, I just don’t know where.
Yes. Ubuntu has two main repos, main and universe.
main is relatively small and includes everything that comes with Ubuntu by default. Canonical secures this repo with security fixes for everyone.
universe is not officially supported by Canonical. It’s updates are done by community members. However, Ubuntu started a service called Ubuntu Pro / ESM that provides updates for packages in universe. It’s opt in because Canonical wants companies using Ubuntu to pay for Pro in order to help fund Ubuntu. However, Pro is also free for personal use on up to 5 machines, so there’s no reason not to enable it. f it was enabled by default then no one would pay for it.
I just went on a journey looking at different local music players.
Just tried Rhythmbox. It’s not terrible, but not great either. It looks very bare bones.
Of the ones I’ve tried, I like Elisa the best. I spent a ton of time getting HQ artwork and quality metadata on my files and Elisa really shows that off. Rhythmbox barely shows any artwork. I just have two complaints about Elisa. First, Qt apps just don’t feel right in Gnome for various reasons: fonts are often too thick, icon contrast is bad, and Qt theme is weird for non-Breze. It also has weird scrolling behavior: it has forced scrolling smoothing and acceleration.
Runner up is Sayonara. It’s Qt based, but actually feels decent in Gnome. Overall I like the UI more than Elisa, but unfortunately it doesn’t handle showing my library as well. Artwork is duplicated (it shows albums multiple times if songs in them have different years) and some artwork is inexplicably missing.