On Ubuntu, you can get a list of packages that are installed on your system but completely unmaintained by running this command:
Packages in this list have not had time allocated to them for integration or QA prior to release, and they do not receive regular security-updates or bug-fixes following initial release. As one moves further off-centre from Ubuntu's primary target-audience, the number of items in that list increases, and which items they are becomes more unsettling. For example: I prefer to use the official GNOME web-browser, Epiphany--for reasons nicely summarised on Daniel Bo's weblog. Ubuntu shipped no updates for Epiphany during the lifetime of Ubuntu 9.10 (Karmic Koala), despite there having been several provided by Ubuntu's upstream community--with the first update making its way into Debian just 2 weeks after the initial (random?) snapshot was made for Karmic. That's no updates for the GNOME web-browser available through Ubuntu until the next release, 6 months later. If you stick with Ubuntu's Long Term Service (LTS) releases, then you can expect to go 2 years with no updates for this or any other package in the `universe' or `multiverse' sections of Ubuntu. Having my web-browser, or anything else that faces the network, go
without security-updates should be unsettling enough; but there are
other items in my list that are even more unsettling: packages like
A friend was surprised to find that the "OTR" plugin for Pidgin,
which he used to keep his IM conversations secure,
is in How many items are in your list, and what are they? [Reply] |
![[@]](/icons/VisualIDs/unmaintained-packages-you-use.png){kind=icon}