[Date Prev][Date Next] [Thread Prev][Thread Next] [Date Index] [Thread Index]

Re: pycharm package in debian

> > who says that a "lagging behind" package doesn't have any security
> > issues? If
> > the package is lagging behind, how do you know that security
> > updates aren't
> > lagging behind either...
> 
> As this is Debian, I do expect that at least, I can read the security
> tracker to see the current status. For a snap package, I wouldn't
> know
> how to audit it.

I do wish that these third party app systems like conda, snappy or
flatpak would include metadata like AppStream or DOAP.

It would be really convenient to have one tool that could audit a
system for out of date packages, and for our bug reporting tools to be
able to direct users to the responsible party for a third party
installation.

I can see that GNOME software has some visibility into what valve's
steam is doing so it's at least theoretically possible.

Diane
Reply to: