>
> On Wed, Sep 4, 2024 at 8:48 AM Andreas Hasenack <andreas@canonical.com> wrote:
> > I think one cost that may be missing from this analysis is the burden of responsibility in the case of revoked keys. Should a key be revoked in, say, Fedora, Fedora users can obviously expect an expedited update to the keyring. But will the Fedora maintainers (again, just an example, pick $distro) remember to also propagate this update to every other non-fedora distro?
>
> I'm restating what I think is one point that Robie and Andreas are
> making.
>
> Is there a person or a team who is willing to commit to
> maintain each of these packages through Ubuntu's SRU or Security
> Update procedures for the life of Ubuntu releases? If not, it might be
> better if these packages were excluded from Ubuntu's stable releases.
Sorry, I thought the question was about upstream.
I am willing to maintain these packages for Ubuntu releases. I will
already do it in Debian.
--
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel
