Fantastic observations lavinog!
Yes, this is a security issue! And users should be warned somewhat in
advance of end of life of the release they are using so that they can
make the proper arrangements to have it taken care of.
I think it is important to consider how to make these end of life
notifications look important enough to the user to act upon them,
without being a constant nag. Perhaps if we are going to start out at
three months prior to end of life. The message frequency could be sort
of like a crescendo alarm clock. Maybe the first two months have it
appear once a week. And then the last month prior to end of life, have
it appear everyday. And perhaps if the user chooses to use the Ubuntu
release past the end of life, they would be required to read and agree
to a notification stating that security updates are no longer made for
that release, and that they put their own data at risk by continuing to
use it. After the notification is agreed to, the notifications stop. I
only say this, as I'm sure there are circumstances where people use
Ubuntu releases completely offline where security updates would not be
necessary.
I also agree that the notification should be both independent of
Internet access and the Update Manager. Although if the Update Manager
checks are disabled to a computer connected to the Internet, that's a
whole other security issue! {chuckle}
--
When a release reaches End-of-Life, update manager should show EoL status and
provide a link with working procedures and more information.
https://bugs.launchpad.net/bugs/319146
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
--
ubuntu-bugs mailing list
[email protected]
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
