Security/support status of packages
Michael Vogt
michael.vogt at ubuntu.com
Wed Feb 6 20:10:15 GMT 2008
Hi,
in the last development meeting the issue of security support in
universe came up. The universe security support is less active than
the one for main and this may lead to vulnerabilities not being fixed
quickly.
One of the solutions for the future might be a automatic generation of
cve reports based on the data from
https://code.edge.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
onto a location like changelogs.ubuntu.com. This could then be used by
update-manager to check against the installed packages. Input from the
security team if this is feasible would be welcome.
As a solution that can be implemented for hardy we discussed a new
view in synaptic that would allow sorting package by their support
status. This would allow the user to more easily find packages
installed but not in main. I was considering just putting it under the
"Status" view in synaptic and adding a new emblem to add/remove
(gnome-app-install) that tells about the support timeframe. What do
you think?
Thanks,
Michael
More information about the ubuntu-devel
mailing list