MotU Security bug filing / Malone questions

Reinhard Tartler siretart at
Wed Dec 7 11:45:15 GMT 2005

On Wed, 2005-12-07 at 08:22 +0100, Daniel Holbach wrote:
> On Wednesday, 07.12.2005, at 07:51 +0100, Shot - Piotr
> Szotkowski wrote:
> > What is the proper way to file security-related bugs on universe
> > packages? I filed #5297 (recent Trac vulnerabilities fixed in Debian)
> > on December 2nd, and I see Daniel Holbach assigned the bug the next day,
> > but now I'm wondering whether I can do anything more about it or will
> > the bug get its share of security love in due time.
> thanks for taking so much care of this and posting it to the list, you
> clearly identified a bug in our processes.

Well, there is in fact a process of bringing security updates to
breezy-security/universe. It is the UDU Spec UniverseSecurity [1]. The
procedure is described here at [2], which covers BOTH main and universe.


> What do you all think about forming a security team? As I envision it,
> its members wouldn't have to be security experts per se, but get working
> on those issues as soon as they happen. Often enough Debian and/or
> Upstream are quick enough to fix it and we just have to make sure we
> follow up.
> I'd highly appreciate it if a lot of us would volunteer for this.
> Opinions? Who starts the team?

In fact, we already have a universe-security team, but there is not much
action happening there. The main reason seems to be lack of time. I'm
quite busy with doing my regular MOTU stuff, but I'm submitting some
packages there from time to time. I'm not sure if there is a canonical
list of members in universe-security. We should perhaps create a
Launchpad group for that.

Reinhard Tartler <siretart at>
