Security/support status of packages

Matt Zimmerman mdz at ubuntu.com
Thu Feb 7 10:51:05 GMT 2008


On Wed, Feb 06, 2008 at 09:10:15PM +0100, Michael Vogt wrote:
> in the last development meeting the issue of security support in
> universe came up. The universe security support is less active than
> the one for main and this may lead to vulnerabilities not being fixed
> quickly. 
> 
> One of the solutions for the future might be an automatic generation of
> CVE reports based on the data from
> https://code.edge.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
> onto a location like changelogs.ubuntu.com. This could then be used by
> update-manager to check against the installed packages. Input from the
> security team if this is feasible would be welcome.

This would be more interesting as a tool for the security team than for end
users.  I think it is far preferable to ensure that the user knows the
maintenance status of their installed software than to tell them after the
fact when a vulnerability appears.

> As a solution that can be implemented for hardy we discussed a new
> view in synaptic that would allow sorting packages by their support
> status. This would allow the user to more easily find packages
> installed but not in main. I was considering just putting it under the
> "Status" view in synaptic and adding a new emblem to add/remove
> (gnome-app-install) that tells about the support timeframe. What do
> you think?

How would this differ from the existing emblem (Ubuntu logo) in Synaptic and
Add/Remove which provides this information?  I suppose easier sorting would
be useful if this is not much work to add.

-- 
 - mdz



More information about the ubuntu-devel mailing list