[Bug 95925] Re: debsecan should be adjusted for ubuntu

Michael Gilbert michael.s.gilbert at gmail.com
Tue Dec 30 01:03:12 UTC 2008


this description is a small symptom of the large-scale problem with
debsecan on ubuntu.  the core issue is that ubuntu's debsecan conveys
information that is just plain wrong.  this is because ubuntu's debsecan
gets reference data from debian's security tracker [1], which does not
track ubuntu issues.  hence any issues in *-ubuntu1 packages, etc that
do not exist in debian's database are not tracked at all.  in fact no
fixed ubuntu package has ever been tracked.

a robust solution for this problem would be a major undertaking.  ubuntu
would need to replicate debian's security tracker system and commit to
populating the database with up to date information.  although that may
not be necessary if one was to get permission from debian to add and
maintain ubuntu-specific security data in their tracker.

anyway, as it stands now, debsecan is lying to its users, which is just
plain wrong.  in its current state, the package should be removed from
ubuntu.

[1] http://security-tracker.debian.net/tracker/

** Changed in: debsecan (Ubuntu)
     Assignee: (unassigned) => Michael Gilbert (michael-s-gilbert)

** Changed in: debsecan (Ubuntu)
     Assignee: Michael Gilbert (michael-s-gilbert) => (unassigned)

-- 
debsecan should be adjusted for ubuntu
https://bugs.launchpad.net/bugs/95925