Security tracking improvements
Discuss how to improve the USN announcements and the CVE tracker
Blueprint information
- Status: Complete
- Approver: Kees Cook
- Priority: Medium
- Drafter: Jamie Strandboge
- Direction: Approved
- Assignee: Jamie Strandboge
- Definition: Approved
- Series goal: Accepted for oneiric
- Implementation: Implemented
- Milestone target: ubuntu-11.10
- Started by: Jamie Strandboge
- Completed by: Jamie Strandboge
Whiteboard
Work items:
[jdstrand] write up example text for issue summaries for example classes of software/users: DONE
[jdstrand] write wiki page to link from update instructions (desktop and server sections): DONE
[kees] implement database for overrides: POSTPONED
Etherpad notes (http://
Discuss how to improve the USN announcements and the CVE tracker
http://
* --issue-summary templates
* example: http://
* 1125-1: good
* 1129-1: bad
* "Multiple security issues could cause your computer to crash."
* [ACTION]: jdstrand to write up example text for issue summaries for these examples of 'classes' of software/users: kernel, apache, firefox/tbird, tiff, openssl, openjdk, python, oem glitches, X
* usn-website:
* --source-
* 3 problems
* who is the target audience? The description is for someone unfamiliar with the package name, so it should use the HTML title for the software description
* should not have multiple entries for the same software (e.g., firefox)
* <pkgname> - description is weird
* text from changes is poor, so we should modify it and cache it somewhere
* database
* source pkg
* upstream proper name
* human software description
* leverage kees' scripts
* update instructions
* [ACTION] jdstrand write wiki page to link from update instructions
* desktop session and server section
* Can we add a bug for backports that don't get an update?
* short answer: no
* long answer: there is enough information for people to automate reporting
* Policy for commenting in bugs in -proposed
* comment in the bug
* Tool ideas
* "what are the debs for a given USN?" (to replace the file list, md5sums, etc)