Future of MOTU
Jamie Strandboge
jamie at canonical.com
Mon Feb 22 14:46:29 GMT 2010
On Mon, 2010-02-22 at 12:53 +0900, Emmet Hikory wrote:
> iii) MOTU SWAT needs help, especially as it moves from "universe" to
> "unseeded packages". I believe that extended discussion is worthwhile
> between the MOTU SWAT team and the Ubuntu Security team to determine
> if all security efforts could follow a standardised process and be
> handled by a single extended team (with some potential for separation
> within the team to support embargoed information, disclosure
> requirements, etc.). If MOTU SWAT is to remain separate, some work
> will need to be done on the tools to help better track what packages
> need attention and when.
I think in a lot of ways, this is already done. We just need more people
to get involved in the process.
Due to limitations in Launchpad, MOTU-SWAT still needs to be a separate
team from ubuntu-security (this is due to the ubuntu-security PPA
containing embargoed items and the fact that you must be a member of
ubuntu-security to publish from this PPA to the security pocket). We've
long wanted MOTU-SWAT to be able to manage themselves and we can
help/comment on procedures when the LP limitations are gone.
That said, with the help of various MOTU folk[1] we identified
improvements in the security sponsorship process and have implemented
changes to address them and make our processes more like other teams[2].
The ubuntu-security-sponsors team was created, which MOTU-SWAT is a
member. Links for the security sponsorship processes are also integrated
into the the main SponsorshipProcess[3], just like with other teams.
Each week a member of the ubuntu-security team is assigned to process
bugs in our SponsorsQueue. So far, we've been doing all review as well
as publication, but MOTU-SWAT can get involved in the review process
which is really the most important part (while the ubuntu-security team
is required for publication, this is simply a matter of copying packages
around).
Jamie
[1] https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-sponsorship-review
[2] https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue
[3] https://wiki.ubuntu.com/SponsorshipProcess
--
Jamie Strandboge | http://www.canonical.com
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: application/pgp-signature
Size: 198 bytes
Desc: This is a digitally signed message part
Url : https://lists.ubuntu.com/archives/ubuntu-motu/attachments/20100222/640c89ed/attachment-0001.pgp
More information about the Ubuntu-motu
mailing list