Security/support status of packages

Michael Vogt michael.vogt at
Wed Feb 6 20:10:15 GMT 2008


in the last development meeting the issue of security support in
universe came up. The universe security support is less active than
the one for main and this may lead to vulnerabilities not being fixed

One of the solutions for the future might be a automatic generation of
cve reports based on the data from
onto a location like This could then be used by
update-manager to check against the installed packages. Input from the
security team if this is feasible would be welcome.

As a solution that can be implemented for hardy we discussed a new
view in synaptic that would allow sorting package by their support
status. This would allow the user to more easily find packages
installed but not in main. I was considering just putting it under the
"Status" view in synaptic and adding a new emblem to add/remove
(gnome-app-install) that tells about the support timeframe. What do
you think?


More information about the ubuntu-devel mailing list