Easy way to determine security support status
Investigate:
- Providing an early notification of EOL in update-manager
- Creating a GUI front end for ubuntu-
- Investigate linking tool to CVE tracker to get a risk evaluation
Blueprint information
- Status: Not started
- Approver: Kees Cook
- Priority: Medium
- Drafter: Marc Deslauriers
- Direction: Needs approval
- Assignee: Marc Deslauriers
- Definition: Approved
- Series goal: Accepted for natty
- Implementation: Not started
- Milestone target: ubuntu-11.04
- Started by
- Completed by
Whiteboard
Work items:
[mvo] add nag to update-manager when a release is EOL: DONE
[mvo] add nag to motd/update-
[mvo] add info dialog to update-manager when a release is EOL with no upgrade path (part of the normal upgrade process, but a special EOL release announcement that explains it): DONE
[mvo] create logic that determines if a package is risky and needs to be uninstalled: POSTPONED
[mvo] add cleaning out insecure packages capabilities to computer janitor: POSTPONED
Maverick work items:
[mdeslaur] add wiki page with information on how to backup and reinstall that is linked from update-manager: WONTIMPLEMENT
[mdeslaur] prepare script to convert UCT pickle info into appropriate database for computer janitor: WONTIMPLEMENT
Gobby notes:
- Do a post-mortem on the support-status work done for lucid.
community supported packages don't have as many fixes
how to best alert people to demotions and EOL
EOL currently:
* update manager shows a message box to user stating that release is EOL
* shows up only once, unless they open update-manager (there is no nag)
* flag is available on the server side
Ideas going forward:
* nag weekly or daily or something
* upload new version of update-manager with the nag feature
* needs new code to use flag
* part of EOL checklist is to flip the flag and upload to -security
* nag feature should be smart about suggesting to reinstall vs upgrade
* on server -- update motd or whatever the new notifier will be
Demotions currently:
* synaptic
* ubuntu-
* computer-janitor suggests to remove stuff for space
Ideas going forward:
* possibly software center (not great experience)
* computer janitor could suggest stuff for support
- could export UCT by package information in a format for someone to use to make decisions on suggestions for removal in computer-janitor
- medium or higher
- have a grace period of 1 month
- gives added incentive for package maintainers to update their packages