On Tue, Aug 05, 2014 at 04:36:18PM +0200, Alias for Public Use wrote: > The thing is if apparently no-one is watching the package and doing > this, it might be safer not to offer the package in the first place. > That way people unaware of the possibility of security issues not > being addressed for extended periods of time cannot install the > package. If necessary they would have to install the software > themselves, probably more aware of the need to watch updates closely.
This is a fundamental difference between main and universe. There may be a case for an exception in the case of particular packages (bitcoin is a recent example), but in the general case I don't think it makes sense to not offer the packages. Users have a choice as to what they do right now, and also have the choice of contributing fixes. Removing packages takes that choice away. Instead, users can always opt to not install universe packages (eg. remove it from sources.list). There's also an argument for not having universe enabled by default, but I think that a decision was made a long time ago before I was around on this point. I guess it could always be revisited, but would probably be one for the technical board to make a final decision on. If the policy should be different for particular packages, what criteria are you saying should be used for selecting these?
signature.asc
Description: Digital signature
-- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
