> If Ubuntu uses an upstream universe package from Debian, and doesn't modify it, how are they wasting effort?
Why Universe? Ubuntu is based on Testing, to the extent that anything can said to have been based upon a repo which is constantly in flux.
If Debian then modifies the package to fix a security hole, Ubuntu misses out. If Ubuntu modifies it to fix a security hole, Debian misses out. If Debian and Ubuntu both modify to fix a security hole, there is duplicated effort.
Using Debian as a base reduced duplicated effort *big time*. But there is *much* room for improvement.
And the story does not end on the release date. For the years that the package is supported by the distro, the security updates will be require duplicated effort. Do we really want one distro to release with version 126.96.36.199 and the other with 188.8.131.52 and duplicate the effort? Or would we prefer that both release with the same version and share the load?