Comment 10 for bug 319146

Fantastic observations lavinog!

Yes, this is a security issue! And users should be warned somewhat in advance of end of life of the release they are using so that they can make the proper arrangements to have it taken care of.

I think it is important to consider how to make these end of life notifications look important enough to the user to act upon them, without being a constant nag. Perhaps if we are going to start out at three months prior to end of life. The message frequency could be sort of like a crescendo alarm clock. Maybe the first two months have it appear once a week. And then the last month prior to end of life, have it appear everyday. And perhaps if the user chooses to use the Ubuntu release past the end of life, they would be required to read and agree to a notification stating that security updates are no longer made for that release, and that they put their own data at risk by continuing to use it. After the notification is agreed to, the notifications stop. I only say this, as I'm sure there are circumstances where people use Ubuntu releases completely offline where security updates would not be necessary.

I also agree that the notification should be both independent of Internet access and the Update Manager. Although if the Update Manager checks are disabled to a computer connected to the Internet, that's a whole other security issue! {chuckle}