[Bug 1192367] Re: No security release provided in Lucid for CVE-2013-3567
Marc Deslauriers
marc.deslauriers at canonical.com
Thu Jun 20 18:13:37 UTC 2013
On 13-06-20 01:58 PM, Alex Vandiver wrote:
> On Wed, 2013-06-19 at 11:55 +0000, Marc Deslauriers wrote:
>> That file is the authoritative list of packages supported by the
> >> security team, and contains the list of the packages we deemed able to
>> support for 5 years instead of the base 3 years.
>
> Understood, and not unreasonable. However, I did not find this clear in
> the support announcements, or the documentation -- and I expect I am not
> alone in this expectation. Did I misunderstand the "Supported" property
> listed in dpkg and the "Maintenance Period" documentation from the wiki?
> What can I do to help clarify the documentation of this limited security
> support? Alternately, can you point me towards where this policy is
> already documented?
Yes, we realized that the exact list wasn't very exposed in locations
where people would look. I've now added it to the Lucid release manifest
wiki page, which is linked from the releases wiki page:
https://wiki.ubuntu.com/LucidLynx/ReleaseManifest
Unfortunately, the "Supported" property doesn't work well for releases
that have different desktop and server support periods. We're working on
a more complete database that will allow us to detail what packages are
supported, and by whom. Thankfully, more recent releases have a
consistent support period.
>
> As a follow-up question: in Precise, the server and desktop editions
> both receive support for 5 years. Does this mean that Precise will
> support all packages for 5 years, or is there a similarly limited set of
> packages for which support will be provided?
Everything in the "main" component will be supported by the security
team for 5 years.
Marc.
--
You received this bug notification because you are a member of Ubuntu
Server Team, which is subscribed to puppet in Ubuntu.
https://bugs.launchpad.net/bugs/1192367
Title:
No security release provided in Lucid for CVE-2013-3567