On Wed, 06 Feb 2008, Michael Vogt wrote:
> One of the solutions for the future might be a automatic generation of
> cve reports based on the data from
> onto a location like changelogs.ubuntu.com. This could then be used by
> update-manager to check against the installed packages. Input from the
> security team if this is feasible would be welcome.
Technically this is possible, as it is just a different type of report
we could generate.
> As a solution that can be implemented for hardy we discussed a new
> view in synaptic that would allow sorting package by their support
> status. This would allow the user to more easily find packages
> installed but not in main. I was considering just putting it under the
> "Status" view in synaptic and adding a new emblem to add/remove
> (gnome-app-install) that tells about the support timeframe. What do
> you think?
I am not sure this is the best idea as it could be confusing and/or
upsetting to the user.
That said, the security team is addressing the root problem (slow
community updates) by:
1. Providing html reports generated by ubuntu-cve-tracker (implemented,
but not public yet)
2. Building the Ubuntu security community . We have already had our
first IRC meeting, and it went quite well.
Hopefully these will address the need for being more transparent as well
as building the community.
ubuntu-devel mailing list
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel