> I think one cost that may be missing from this analysis is the burden of responsibility in the case of revoked keys. Should a key be revoked in, say, Fedora, Fedora users can obviously expect an expedited update to the keyring. But will the Fedora maintainers (again, just an example, pick $distro) remember to also propagate this update to every other non-Fedora distro?

I'm restating what I think is one point that Robie and Andreas are
making.

Is there a person or a team who is willing to commit to
maintain each of these packages through Ubuntu's SRU or Security
Update procedures for the life of Ubuntu releases? If not, it might be
better if these packages were excluded from Ubuntu's stable releases.

Thank you,
Jeremy Bícha
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com