Advising your users to use your own repository is not a satisfying answer. If there's a package in Debian, then it should be fine using it. It should as well receive (security) updates if needed.

Absolutely, that said: the Debian maintainers are doing great work and the ownCloud Debian packages are absolutely up-to-date.

Now, it's looking like you didn't choose to have your package "synced" in Ubuntu universe. It just happened just like with many other software. My advice then would be to explicitely ask that the owncloud package is not synced again in any future release of Ubuntu, so you don't run into the same trouble again.

As a project we did not add our package anywhere. The point here is that we *are* responsible and actively maintaining our packages and we do it as a central place which is OBS. The problem is only that there is not yet a way to make that easy usable in Ubuntu or other distributions.

As for updating packages in Ubuntu, my experience is that it's not that hard. Just prepare a new package, and send the link to the Ubuntu security team, and basically, they can take care of the rest.

Why should we have to maintain our own repositories and the ones of every distribution out there? - This is okay as a short-term solution where we only have to to minor updates, but as soon as we have another major update it gets somewhat trickier :-)
I think this shows a bigger problem with the Universe repository: In our case we complained, but most other packages in there are most likely quite outdated as well but in their case no-one bothers to complain.

As noted in another reply from myself:

Additionally, some people in the comments seem to claim that "one developer of ownCloud is noted as maintainer for the Debian package". This entry is a legacy entry and as you can see in the changelog at http://metadata.ftp-master.deb... [debian.org] Thomas did last modify the packages at 11 Oct 2012.

(Disclaimer: Opinions expressed in this post are solely my own and do not necessarily also express the views of the ownCloud project or my employer)

This would require to follow processes such as SRU. - While it may sounds like an easy solution this is a heavy burden which we do not want to take on us.
Especially, if we want to do security releases at the same time we could - even if we would maintain the Ubuntu packages ourself - not guarantee that this would happen at the same time. We're therefore providing our own repositories at owncloud.org/install
But if you want to do this "trivially easy" job for us over the whole lifetime of the distribution (5 years) we'd really appreciate it.

Lukas from ownCloud here (the one mentioned in that article). I have to say, that this quickly escalated in a way that I did certainly not intend to. However, I'd like to clarify one thing.

The article states "for which no fixes have been backported". With that I meant to refer to the Ubuntu packages and not Version 5 or 6. We still support ownCloud 5 for security patches and critical bugfixes and ownCloud 6 for bugfixes and security patches. This might have been unclear.

I sent this request to Ubuntu because we're very much concerned about our users. While some of us might know that using the "Universe" repository is not a that great idea for internet facing software, most people don't. Furthermore, I don't believe it's the responsibility of the developer to update packages in every single distribution out there. Especially with distributions such as Ubuntu you have to follow quite complex processes such as SRU which consumes a lot of time.
Additionally, some people in the comments seem to claim that "one developer of ownCloud is noted as maintainer for the Debian package". This entry is a legacy entry and as you can see in the changelog at http://metadata.ftp-master.deb... Thomas did last modify the packages at 11 Oct 2012.

We're always recommending to our users to use one of the supported installation methods such as owncloud.org/install where we even provide our own repositories for most distributions.

(Disclaimer: Opinions expressed in this post are solely my own and do not necessarily also express the views of the ownCloud project or my employer)