Future of MOTU
Emmet Hikory
persia at ubuntu.com
Mon Feb 22 19:02:08 GMT 2010
Jamie Strandboge wrote:
> Emmet Hikory wrote:
>> As Archive Reorganisation moves forward, and components go away
>> entirely, I expect this becomes even more complicated, but I still
>> think that it is handled better by an integrated ubuntu-security team
>> (perhaps with only a subset authorised to pocket-copy) distribution
>> wide than by having a central "core security team" and additional
>> representative teams for each packageset providing security.
<...>
> For community supported packages, in the current process anyone can
> submit a patch for a security update with ubuntu-security-sponsors
> reviewing them and ubuntu-security publishing ACKd patches.
> ubuntu-security only has to be involved at all due to LP limitations,
> but performing the shuffling around is not a huge issue atm.
For the reference of those following the discussion, this topic
was raised in the weekly Secuity Team meeting, and the following item
has been added to the agenda for the next Technical Board meeting:
* Have delegated teams become responsible for security of their
packagesets (KeesCook)
* expect teams to actively track at least open CVEs in their packagesets
* expect teams to report on the progress of such tracking during the
weekly security team meeting
Members of MOTU SWAT are encouraged to attend and share their
views. Based on the meeting discussion, I have been convinced there
is an active place for MOTU SWAT within the redefined MOTU.
--
Emmet HIKORY
More information about the Ubuntu-motu
mailing list