You could use backports: https://help.ubuntu.com/community/UbuntuBackports but I'm not sure that will reach the widest possible audience. It may be worth doing in addition to security-only fixes, but it's a lot of effort to ensure that the package will build, install, and work on older releases. It may be easy or hard depending on pip's dependency stack.
You could use backports: https:/ /help.ubuntu. com/community/ UbuntuBackports but I'm not sure that will reach the widest possible audience. It may be worth doing in addition to security-only fixes, but it's a lot of effort to ensure that the package will build, install, and work on older releases. It may be easy or hard depending on pip's dependency stack.
Ideally, a security-only patch would be provided for the security pockets of these releases: https:/ /wiki.ubuntu. com/SecurityTea m/FAQ
I don't have the cycles to create the patches, but I could review and test them.