I wonder about the update policies for universe packages.
In particular I have noticed the drupal 7 package in the community repository
is at verion 7.26, wheras the current version is 7.30. Intermediate versions
have fixed various security issues, including remotely exploitable ones. (I
believe an overview is kept at
http://people.canonical.com/~ubuntu-security/cve/pkg/drupal7.html). The package
seems to have been automagically syncronized from debian sid once.
Is there some kind of mechanism to issue resyncs/create an updated package?
Escpecially for packages which have potentially large security issues and which
have their own update mechanisms and which can be installed into a working
ubuntu server with minimal invasiveness, I believe there should be an update
schedule or the package should not be available at all.
--
Ubuntu-motu mailing list
[email protected]
Modify settings or unsubscribe at:
https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
