> Were they categorically broken back in 2018? What would you have recommended companies do around that time frame, if they wanted to use Ubuntu?
They were and still are. The irony: the fix need not be breaking/demand a new major release.
> Most server code is not going to get very out of date over the course of several years. It's not significantly more decrepit than the day it was deployed.
That's my point. It was broken from the beginning.
Reminder: 'firewalld' is a management daemon for N firewalls. You use it exactly because you don't care about implementation details like the backend. It's not even part of the default Ubuntu install. Just offered.
Most users wouldn't see it, I don't judge that. I judge how Canonical behave{s,d}.
I would have recommended they, the integrator/procurer of the distribution, avoid the 'iptables' backend for 'firewalld'... a release or two before 18.04. Not even this one. It was well on the way out already/communicated/ignored.
If they wanted to fix it 'breaking upgrade' style, they had at least two chances. They could also avoid the rake-kickflip of the '--wait' option.
Final point being: I'm not here to do their work. A distribution is a collection of software. They chose to offer it, not me.
Just because I - the seasoned administrator can find/fix the problem - I shouldn't have to. I like a compelling experience too. This odd mixing isn't it.
I will fully admit to seeking out the problem in... asking to install firewalld. Not offering the packages at all, instead of poorly joined, would be an improvement. I'm not without options. I don't need poor ones.
To be clear: I'm not yelling into the void. This was reported to their bug tracker in at least 2019. I escalated it to them through $EMPLOYERS. Several. Canonical's support means jack to me.
"Vendor support" is largely a Bogeyman and compliance racket IMO. I've, outside this wild thread, otherwise moved on to nicer pastures!
