ubuntu community update policy (in particulat drupal7)
Alias for Public Use
alias4pu at outlook.com
Sun Aug 3 19:38:51 UTC 2014
I wonder about the update policies for universe packages.
In particular I have noticed the drupal 7 package in the community repository is at verion 7.26, wheras the current version is 7.30. Intermediate versions have fixed various security issues, including remotely exploitable ones. (I believe an overview is kept at http://people.canonical.com/~ubuntu-security/cve/pkg/drupal7.html). The package seems to have been automagically syncronized from debian sid once.
Is there some kind of mechanism to issue resyncs/create an updated package? Escpecially for packages which have potentially large security issues and which have their own update mechanisms and which can be installed into a working ubuntu server with minimal invasiveness, I believe there should be an update schedule or the package should not be available at all.
More information about the Ubuntu-motu
mailing list