Process for providing security updates for chromium-browser

Jamie Strandboge jamie at canonical.com
Thu Sep 16 18:31:06 BST 2010 

On Mon, 2010-09-13 at 13:37 -0500, Jamie Strandboge wrote:
> On Mon, 2010-09-13 at 10:44 -0700, Kees Cook wrote:
> > How many chromium updates have happened through -proposed so far? Has the
> > 7-day waiting period helped uncover any regressions?
> > 
> Based on LP[1], 6 updates have hit lucid-security/lucid-proposed for the
> 5.0.375 release, with one in lucid-proposed now (6.0.472) and another
> (non-security) update waiting to get into lucid-proposed once the
> current one is published.
> 
> The 7 day waiting period has not uncovered any regressions that I am
> aware of (ie, I don't recall having to sponsor a respin of anything due
> to comments in an SRU bug). In fact, the 6.0.472.53 that is in
> lucid-proposed now has regressions that upstream fixed in 6.0.472.55 but
> these regressions were not reported to Ubuntu. This could simply be that
> there aren't many chromium/lucid-proposed users out there to uncover
> them.

Another piece of information worth noting is that upstream has been
releasing so fast that the SRU 7 day period is blocking new updates. For
example, during the 7 day wait for 6.0.472.53, .55 became available. .55
was bug fix only, so we uploaded .55 to lucid-proposed after .53 was
pocket copied so people could at least have the security fixes. We then
found out the next day that .59 was released as a security update. So we
were going to supersede .55 with a new .59 in lucid-proposed when fta
informed me today that upstream are releasing another security update
tomorrow. We pragmatically decided today to wait on a new upload to
-proposed since the imminent security update will be out way
before .59's 7-day waiting period is over. As a result, user's have to
wait much longer than 7 days to get .55's bug fixes and .59's security
fixes.

-- 
Jamie Strandboge             | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/technical-board/attachments/20100916/fd9164c6/attachment.pgp

More information about the technical-board mailing list