Security Support - Re: Let's Discuss Interim Releases (and a Rolling Release)

Jamie Strandboge jamie at canonical.com
Thu Feb 28 18:06:12 UTC 2013


On 02/28/2013 10:53 AM, Marc Deslauriers wrote:
> On 13-02-28 11:32 AM, Scott Kitterman wrote:
>> On Thursday, February 28, 2013 11:29:45 AM Marc Deslauriers wrote:
>>> On 13-02-28 11:23 AM, Scott Kitterman wrote:
>>>> On Thursday, February 28, 2013 05:09:26 PM Martin Pitt wrote:
>>>>>>  * Take a monthly snapshot of the development release, which we support
>>>>>>
>>>>>> only until the next snapshot
>>>>>
>>>>> This is the main point where I have doubts and questions:
>>>>>  * What does "support" mean for the monthly snapshots? Hopefully not
>>>>>  
>>>>>    security updates, SRUs, and backports? That would ruin pretty much
>>>>>    all the savings that we do from dropping the interim releases.
>>>>
>>>> I think it's critical too.  Currently there is no security support in the
>>>> development series.  I have a hard time envisioning something with no
>>>> support from the Ubuntu security team as a release of any kind.  It's
>>>> certainly not something I could recommend who isn't involved in Ubuntu
>>>> development run on a system they care about.
>>>
>>> The security team does support the development release. When we push
>>> updates for the stable release, our policy is to either sync, merge or
>>> fix the packages in the dev release also.
>>>
>>> We will also be pushing urgent security updates to monthly snapshot users.
>>
>> Will they start getting USN coverage?
> 
> I don't know how the monthly snapshots will be handled yet. For now, I
> just want users of monthly snapshots to get urgent security fixes that
> can't wait a month for the next snapshot to roll over.

Right - this is a point of discussion, but my current feeling is I think
it is reasonable to include the development release in a USN if we
publish a high priority fix in the monthly release. I don't think it is
reasonable for us to publish an aggregate USN or separate USNs for the
security updates that are gotten by just upgrading month to month.

-- 
Jamie Strandboge                 http://www.ubuntu.com/

-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 899 bytes
Desc: OpenPGP digital signature
URL: <https://lists.ubuntu.com/archives/ubuntu-devel/attachments/20130228/be89b8d8/attachment.pgp>


More information about the ubuntu-devel mailing list