Seeking new Stable Release Update exceptions for Google cloud image agent packages - further amendments

Phil Roche phil.roche at canonical.com
Tue Apr 11 14:35:08 UTC 2023 

Hi all,

Re-opening this topic seeking an amendment to the Stable Release Update
exceptions for Google cloud image agent packages.

The Google Guest agents are written in golang and have dependencies
vendored.

See https://github.com/GoogleCloudPlatform/guest-agent/blob/main/go.mod

The amendment to the Stable Release Update exception is that the exception
will explicitly cover the updating of the pinned dependencies too.

The reason for seeking this amendment is that there was apprehension in
trying to SRU changes in these pinned dependencies and I thought seeking
the exception amendment now will avoid any concerns/debate come SRU time.

It is important to update these dependencies alongside agent updates to
avoid including dependencies with known vulnerabilities as is the case
currently with golang-golang-x-net - see
https://ubuntu.com/security/CVE-2022-41723

Please let me know if you need any further information to support this
request.

Thanks,

Phil

On Fri, 2 Sept 2022 at 08:46, Phil Roche <phil.roche at canonical.com> wrote:

> @Steve Langasek <steve.langasek at canonical.com> Will do. Thank you
>
> On Thu, 1 Sept 2022 at 23:38, Steve Langasek <steve.langasek at ubuntu.com>
> wrote:
>
>> Hi Phil,
>>
>> On Thu, Aug 18, 2022 at 05:01:58PM +0100, Phil Roche wrote:
>> > Hi all,
>>
>> > We at Canonical Public Cloud team build the Ubuntu Google Cloud images
>> and
>> > we often have requests from Google to update the versions of the agent
>> > packages in the images.
>>
>> > There is currently a special case granted for
>> gce-compute-image-packages @
>> >
>> https://wiki.ubuntu.com/StableReleaseUpdates#Documentation_for_Special_Cases
>> > which was granted in 2017.
>>
>> > > *gce-compute-image-packages*The source package
>> gce-compute-image-packages
>> > > may be uploaded according to the procedure documented in
>> > > gce-compute-image-packages-Updates
>> > > <https://wiki.ubuntu.com/gce-compute-image-packages-Updates>. Per
>> > > Technical Board discussion regarding delegation of these decisions to
>> the
>> > > SRU team, this stable release exception has been approved by
>> BrianMurray
>> > > for the SRU team as of 2017-03-10.
>>
>> > Google agent packages have evolved and new packages are now used to
>> provide
>> > the same and additional functionality:
>>
>> >    - google-compute-engine
>> >    <https://packages.ubuntu.com/jammy/google-compute-engine>
>> >    - google-compute-engine-oslogin
>> >    <https://packages.ubuntu.com/jammy/google-compute-engine-oslogin>
>> >    - google-guest-agent
>> >    <https://packages.ubuntu.com/jammy/google-guest-agent>
>> >    - google-osconfig-agent
>> >    <https://packages.ubuntu.com/jammy/google-osconfig-agent>
>> >
>> > We seek an exception for these new packages in line with the existing
>> > exception granted for gce-compute-image-packages.
>>
>> > As per
>> >
>> https://wiki.ubuntu.com/StableReleaseUpdates#Documentation_for_Special_Cases
>> > I have drafted new wiki pages for each of these packages:
>> >
>> >    - https://wiki.ubuntu.com/google-compute-engine-Updates
>> >    - https://wiki.ubuntu.com/google-compute-engine-oslogin-Updates
>> >    - https://wiki.ubuntu.com/google-guest-agent-Updates
>> >    - https://wiki.ubuntu.com/google-osconfig-agent-Updates
>>
>> > The reason for the exception request is the same as the original
>> request:
>>
>> > Cloud platforms evolve at a rate that can't be handled in six-month
>> > > increments, and they will often develop features that they would like
>> to be
>> > > available to customers who don't want to upgrade from earlier Ubuntu
>> > > releases. As such, updating %AGENT PAKCAGE% to more recent upstream
>> > > releases is required within all Ubuntu releases, so they continue to
>> > > function properly in their environment.
>>
>> > Please let me know if you need any further information to support this
>> > request.
>>
>> +1 from the SRU team for this exception.  Please update
>>
>> https://wiki.ubuntu.com/StableReleaseUpdates#Documentation_for_Special_Cases
>> to link to these exception pages.
>>
>> --
>> Steve Langasek                   Give me a lever long enough and a Free OS
>> Debian Developer                   to set it on, and I can move the world.
>> Ubuntu Developer
>> https://www.debian.org/
>> slangasek at ubuntu.com
>> vorlon at debian.org
>>
>
>
> --
> Phil Roche
> Senior Software Engineer
> Canonical Public Cloud
>


-- 
Phil Roche
Staff Software Engineer
Canonical Public Cloud
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.ubuntu.com/archives/ubuntu-release/attachments/20230411/15161268/attachment.html>

More information about the Ubuntu-release mailing list