Comment 8 for bug 256098

Colin,

Thanks very much for fixing this bug.

Duncan,

One way appears to be to nominate the bug for backporting to a particular release of Ubuntu. I've done so both for hardy and intrepid. I have no idea if intrepid will have an 8.10.1 release though and if it doesn't this bug will continue to affect 8.10 installs in perpetuity.

It's hard to say how many systems out there don't have security updates enabled because of this bug. One thing Canonical could do is push out an update to a package in the updates tree to check to see if /etc/apt/sources.list has security.ubuntu.com commented out or not. Then they could fix the problem retroactively. This is something that could be deployed on both intrepid and hardy and so long as the user is updating their system at all they would get the fix. If this method were employed patching the installers would be a good idea but probably optional (barring a dependency issue between ubuntu-updates and a nonexistent ubuntu-security).