Should ubuntu warn it's users about security flaws in
propietary software that is used a lot.
Matt Zimmerman
mdz at canonical.com
Thu Nov 25 04:56:26 CST 2004
On Wed, Nov 24, 2004 at 12:44:30PM +0100, Kristof Vansant wrote:
> other packages that comes to mind:
>
> - mozilla-flash
> - ati drivers
> - nvidia drivers
> - ..
The ATI and nVidia drivers are supported (to the extent this is possible),
so they will receive attention and notices from the Ubuntu security team.
This situation has not occurred yet, so the exact policies and procedures
are not finalized.
> Should we warn people about flaws in them or not and how do we do that?
> On the site, mailinglists, etc?
For software which is not supported, we do not yet have the means to track
this information. We are working on some infrastructure to do this, and
when it is ready, we will be happy to track it, though there will not be
official Ubuntu announcements about such flaws.
--
- mdz
More information about the ubuntu-devel
mailing list