Core Developer application for Marc Deslauriers
marc.deslauriers at canonical.com
Sat Oct 31 01:48:03 GMT 2009
On Sat, 2009-10-31 at 00:23 +0100, Stefan Potyra wrote:
> Hi Marc,
> First off, sometimes it occurred to me that the entry level for -security (in
> regards to universe packages) might be smaller than for stable release
> updates. How do you make sure that a security update doesn't introduce
> regressions? How do you evaluate if a given patch fixes the security problem
> in question (especially in the case that no regression test is supplied)?
Currently, when a debdiff is contributed to packages in universe, a
security team member reviews it before pushing it as an update.
Generally, we ask the contributor what tests were performed to ensure
the update does not introduce regressions or break functionality, and to
ensure it actually fixes the issue.
The procedure is currently documented here:
> Also as a cofounder of motu-swat I've seen some tries to get contributors
> involved in the past. Imho a valuable one was to hold security meetings and
> on irc and to invite contributors via the ubuntu-devel list. Nowadays, I must
> admit that I've lost track of motu-swat (due to focussing on other tasks), so
> I'm asking as an outsider: Are you still holding regular -security meetings?
> Do you announce these to the community? If not, do you think that might gain
> more community involvement? Do you have other plans to get the community more