Security/support status of packages
Jamie Strandboge
jamie at ubuntu.com
Thu Feb 7 16:08:39 GMT 2008
On Wed, 06 Feb 2008, Michael Vogt wrote:
> One of the solutions for the future might be a automatic generation of
> cve reports based on the data from
> https://code.edge.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master
> onto a location like changelogs.ubuntu.com. This could then be used by
> update-manager to check against the installed packages. Input from the
> security team if this is feasible would be welcome.
Technically this is possible, as it is just a different type of report
we could generate.
>
> As a solution that can be implemented for hardy we discussed a new
> view in synaptic that would allow sorting package by their support
> status. This would allow the user to more easily find packages
> installed but not in main. I was considering just putting it under the
> "Status" view in synaptic and adding a new emblem to add/remove
> (gnome-app-install) that tells about the support timeframe. What do
> you think?
>
I am not sure this is the best idea as it could be confusing and/or
upsetting to the user.
That said, the security team is addressing the root problem (slow
community updates) by:
1. Providing html reports generated by ubuntu-cve-tracker (implemented,
but not public yet)
2. Building the Ubuntu security community [1]. We have already had our
first IRC meeting, and it went quite well. :)
Hopefully these will address the need for being more transparent as well
as building the community.
Jamie
[1] https://wiki.ubuntu.com/SecurityTeam
--
Email: jamie at ubuntu.com
IRC: jdstrand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20080207/fa4fcbbb/attachment.pgp
More information about the ubuntu-devel
mailing list