Security/support status of packages

Jamie Strandboge jamie at
Thu Feb 7 16:08:39 GMT 2008

On Wed, 06 Feb 2008, Michael Vogt wrote:

> One of the solutions for the future might be a automatic generation of
> cve reports based on the data from
> onto a location like This could then be used by
> update-manager to check against the installed packages. Input from the
> security team if this is feasible would be welcome.

Technically this is possible, as it is just a different type of report
we could generate.

> As a solution that can be implemented for hardy we discussed a new
> view in synaptic that would allow sorting package by their support
> status. This would allow the user to more easily find packages
> installed but not in main. I was considering just putting it under the
> "Status" view in synaptic and adding a new emblem to add/remove
> (gnome-app-install) that tells about the support timeframe. What do
> you think?
I am not sure this is the best idea as it could be confusing and/or
upsetting to the user.

That said, the security team is addressing the root problem (slow
community updates) by:

1. Providing html reports generated by ubuntu-cve-tracker (implemented,
   but not public yet)
2. Building the Ubuntu security community [1]. We have already had our
   first IRC meeting, and it went quite well. :)

Hopefully these will address the need for being more transparent as well
as building the community.



Email: jamie at
IRC:   jdstrand
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 189 bytes
Desc: Digital signature
Url : 

More information about the ubuntu-devel mailing list