ubuntu community update policy (in particular drupal7)

Robie Basak robie.basak at ubuntu.com
Tue Aug 5 15:05:01 UTC 2014


On Tue, Aug 05, 2014 at 04:36:18PM +0200, Alias for Public Use wrote:
> The thing is if apparently no-one is watching the package and doing
> this, it might be safer not to offer the package in the first place.
> That way people unaware of the possibility of security issues not 
> being addressed for extended periods of time cannot install the
> package. If necessary they would have to install the software
> themselves, probably more aware of the need to watch updates closely.

This is a fundamental difference between main and universe. There may be
a case for an exception in the case of particular packages (bitcoin is a
recent example), but in the general case I don't think it makes sense to
not offer the packages. Users have a choice as to what they do right
now, and also have the choice of contributing fixes. Removing packages
takes that choice away.

Instead, users can always opt to not install universe packages (e.g.
remove it from sources.list). There's also an argument for not having
universe enabled by default, but I think that a decision was made a long
time ago before I was around on this point. I guess it could always be
revisited, but would probably be one for the technical board to make a
final decision on.

If the policy should be different for particular packages, what criteria
are you saying should be used for selecting these?

More information about the Ubuntu-motu mailing list