debsecan should be either adjusted (for ubuntu) or removed
Bug #95925 reported by
Daniël van Eeden
This bug affects 31 people
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
debsecan (Ubuntu) |
Confirmed
|
Medium
|
Unassigned | ||
Bug Description
Binary package hint: debsecan
$ debsecan --suite=edgy
usage: debsecan OPTIONS...
debsecan: error: option --suite: invalid choice: 'edgy' (choose from 'woody', 'sarge', 'etch', 'sid')
It should have options for edgy, etc.
Changed in debsecan: | |
importance: | Undecided → Wishlist |
status: | New → Confirmed |
summary: |
- debsecan should be adjusted for ubuntu + debsecan should be either adjusted for ubuntu or removed |
tags: | added: precise quantal raring |
summary: |
- debsecan should be either adjusted for ubuntu or removed + debsecan should be either adjusted (for ubuntu) or removed |
tags: | removed: precise quantal raring |
tags: | added: focal |
To post a comment you must log in.
this description is a small symptom of the large-scale problem with debsecan on ubuntu. the core issue is that ubuntu's debsecan conveys information that is just plain wrong. this is because ubuntu's debescan gets reference data from debian's security tracker [1], which does not track ubuntu issues. hence any issues in *-ubuntu1 packages, etc that do not exist in debian's database are not tracked at all. in fact no fixed ubuntu package has ever been tracked.
a robust solution for this problem would be a major undertaking. ubuntu would need to replicate debian's security tracker system and commit to populating the database with up to date information. although that may not be necessary if one was to get permission from debian to add and maintain ubuntu-specific security data in their tracker.
anyway, as it stands now, debsecan is lying to its users, which is just plain wrong. in its current state, the package should be removed from ubuntu.
[1] http:// security- tracker. debian. net/tracker/