Leftovers: Ubuntu/Debian (EOL, GNOME, Tor)
Ubuntu announced its 15.04 (Vivid Vervet) release almost 9 months ago, on April 23, 2015. As a non-LTS release, 15.04 has a 9-month month support cycle and, as such, the support period is now nearing its end and Ubuntu 15.04 will reach end of life on Thursday, February 4th. At that time, Ubuntu Security Notices will no longer include information or updated packages for Ubuntu 15.04.
Canonical developers continue making progress in replacing the Ubuntu Software Center with GNOME Software.
For months Canonical has basically admitted defeat with their Ubuntu Software Center "app store" on the Ubuntu desktop. They've been wanting a new software store/center for a few years now and they decided with Ubuntu 16.04 LTS to transition to GNOME Software -- GNOME's software center.
During his DebConf15 keynote, Jacob Appelbaum observed that those listening on the Internet lines would have good reason to believe a computer have a given security hole if it download a security fix from a Debian mirror. This is a good reason to always use encrypted connections to the Debian mirror, to make sure those listening do not know which IP address to attack. In August, Richard Hartmann observed that encryption was not enough, when it was possible to interfere download size to security patches or the fact that download took place shortly after a security fix was released, and proposed to always use Tor to download packages from the Debian mirror. He was not the first to propose this, as the apt-transport-tor package by Tim Retout already existed to make it easy to convince apt to use Tor, but I was not aware of that package when I read the blog post from Richard.