Security/support status of packages
mdz at ubuntu.com
Thu Feb 7 10:51:05 GMT 2008
On Wed, Feb 06, 2008 at 09:10:15PM +0100, Michael Vogt wrote:
> in the last development meeting the issue of security support in
> universe came up. The universe security support is less active than
> the one for main and this may lead to vulnerabilities not being fixed
> One of the solutions for the future might be an automatic generation of
> CVE reports based on the data from
> onto a location like changelogs.ubuntu.com. This could then be used by
> update-manager to check against the installed packages. Input from the
> security team if this is feasible would be welcome.
This would be more interesting as a tool for the security team than for end
users. I think it is far preferable to ensure that the user knows the
maintenance status of their installed software than to tell them after the
fact when a vulnerability appears.
> As a solution that can be implemented for hardy we discussed a new
> view in synaptic that would allow sorting packages by their support
> status. This would allow the user to more easily find packages
> installed but not in main. I was considering just putting it under the
> "Status" view in synaptic and adding a new emblem to add/remove
> (gnome-app-install) that tells about the support timeframe. What do
> you think?
How would this differ from the existing emblem (Ubuntu logo) in Synaptic and
Add/Remove which provides this information? I suppose easier sorting would
be useful if this is not much work to add.