On Ubuntu, you can get a list of packages
that are installed on your system but completely unmaintained
by running this command:

    dpkg --get-selections | grep '\Winstall' | cut -f1 |
      xargs apt-cache show |
      grep -E '^Filename: pool/(universe|multiverse)/.*' |
      sed -re 's:.*/([^_]+)_(.*)_.*:\1:' | less -N

Packages in this list have not had time allocated to them for
or QA prior to release, and they
do not receive regular security-updates or bug-fixes following
As one moves further off-centre from Ubuntu's primary target-audience,
the number of items in that list increases, and which items they are
becomes more unsettling.
For example: I prefer to use the official GNOME web-browser,
Epiphany--for reasons nicely
Daniel Bo's weblog.
Ubuntu shipped no updates for Epiphany
during the lifetime of Ubuntu 9.10 (Karmic Koala), despite there having been
several provided by Ubuntu's upstream community--with
the first update making its way into Debian just 2 weeks after the
initial (random?) snapshot was made for Karmic. That's no updates for
the GNOME web-browser available through Ubuntu until the next release,
6 months later. If you stick with Ubuntu's Long Term Service (LTS)
releases, then you can expect to go 2 years with no updates for this
or any other package in the `universe' or `multiverse' sections of
Having my web-browser, or anything else that faces the network, go
without security-updates should be unsettling enough; but there are
other items in my list that are even more unsettling: packages like
gnutls-bin, which is supposed to be a security tool. And there are
enough other `minorly-unsettling' items in my list that the sheer
number of them all together is itself unsettling.
A friend was surprised to find that the "OTR" plugin for Pidgin,
which he used to keep his IM conversations secure,
which, again, means that he cannot expect security updates for it.
So much for his secure conversations.
How many items are in your list, and what are they?
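
As an added example (not part of the original post): a variant of the pipeline above that reads apt-cache show stanzas, takes the name from the Package: field, collapses multiple versions of one package, and tallies the result by archive component. The function names and the sample stanzas (file versions, paths, the example-codec package) are constructed for illustration.

```shell
#!/bin/sh
# Added example. Function names and sample data are constructed.

# Read `apt-cache show`-style stanzas on stdin and print one
# "component package" line per package whose Filename lies under
# pool/universe or pool/multiverse. Duplicate stanzas collapse.
list_unsupported() {
    awk '
        /^Package: / { pkg = $2 }
        /^Filename: pool\/(universe|multiverse)\// {
            split($2, parts, "/")   # parts[2] is the archive component
            print parts[2], pkg
        }
    ' | LC_ALL=C sort -u
}

# Tally the listing by component, one "count component" line each.
count_by_component() {
    list_unsupported | cut -d' ' -f1 | uniq -c | awk '{ print $1, $2 }'
}

# Constructed sample: placeholder versions, one package from main,
# and two versions of the same universe package.
sample_stanzas() {
    cat <<'EOF'
Package: epiphany-browser
Filename: pool/universe/e/epiphany-browser/epiphany-browser_1.0-1_i386.deb

Package: epiphany-browser
Filename: pool/universe/e/epiphany-browser/epiphany-browser_1.0-2_i386.deb

Package: gnutls-bin
Filename: pool/universe/g/gnutls26/gnutls-bin_1.0-1_i386.deb

Package: pidgin-otr
Filename: pool/universe/p/pidgin-otr/pidgin-otr_1.0-1_i386.deb

Package: example-codec
Filename: pool/multiverse/e/example-codec/example-codec_1.0-1_i386.deb

Package: bash
Filename: pool/main/b/bash/bash_1.0-1_i386.deb
EOF
}

sample_stanzas | count_by_component
```

On a real system, feed list_unsupported the same input as the original command: dpkg --get-selections | grep '\Winstall' | cut -f1 | xargs apt-cache show | list_unsupported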