Comment 1 for bug 95925
Revision history for this message
| Michael Gilbert (michael-s-gilbert) wrote Re: debsecan should be adjusted for ubuntu | #1 |
© 2004
Canonical Ltd.
•
Terms of use
•
Data privacy
•
Contact Launchpad Support
•
Blog
•
Careers
•
System status
•
bbfa235
(Get the code!)
this description is a small symptom of the large-scale problem with debsecan on ubuntu. the core issue is that ubuntu's debsecan conveys information that is just plain wrong. this is because ubuntu's debescan gets reference data from debian's security tracker [1], which does not track ubuntu issues. hence any issues in *-ubuntu1 packages, etc that do not exist in debian's database are not tracked at all. in fact no fixed ubuntu package has ever been tracked.
a robust solution for this problem would be a major undertaking. ubuntu would need to replicate debian's security tracker system and commit to populating the database with up to date information. although that may not be necessary if one was to get permission from debian to add and maintain ubuntu-specific security data in their tracker.
anyway, as it stands now, debsecan is lying to its users, which is just plain wrong. in its current state, the package should be removed from ubuntu.
[1] http://