Not volunteering to own this for now - set Won't Fix to be out of re-
triage
** Changed in: vde2 (Ubuntu)
Status: Incomplete => Won't Fix
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/776818
T
Part of the requirements for main inclusion is a bug subscriber who will
maintain the package in Ubuntu outside of security updates. Will the
server team sign up for maintenance? Please resubscribe back to ubuntu-
security if so.
** Changed in: vde2 (Ubuntu)
Assignee: Ubuntu Security Team (ub
** Changed in: vde2 (Ubuntu)
Assignee: Seth Arnold (seth-arnold) => Ubuntu Security Team
(ubuntu-security)
--
Title:
[MIR] vde2
It's very hard, and it should be.
I'm not on the security team, but I suspect they'd be more inspired to
"just take another look" if someone went through Seth's feedback in
comment #18 and for each item (plus each bug that he lists) say whether
you believe it is fixed. For instance he lists bug 1
Is it really this hard to get 885 lines of code promoted into main?
--
Any progress on this?
--
Seth, do you want to comment? Looks like maybe we can avoid the worst
of your findings if we merely promote the library itself and leave the
other binaries in universe. That would at least unblock KVM from
supporting it.
I don't know if you happen to remember which of your comments applied to
th
@mterry, thank you for your kind reply. Because I read the code, I could
say that many of Seth's objections do not apply anymore. The
libvdeplug2's code base is also pretty small: 885 lines of code with
comments, empty lines and the relative header. I would be glad to take
care of any issues propos
@mg, yes that is an option. Having just libvdeplug would be enough to
enable kvm's integration for vde without having to promote the rest of
vde. But there's little evidence that the security issues Seth found
are not present in libvdeplug...
--
Would it impractical/impossible to include only libvdeplug in main and
leave all the other vde's packages in universe?
--
Thanks for the review Seth. Marking "Won't Fix" for now. If someone
wants to take up the development work needed, then please assign to
yourself and mark as "In Progress".
** Changed in: vde2 (Ubuntu)
Status: Incomplete => Won't Fix
** Changed in: vde2 (Ubuntu)
Assignee: MIR approval
- No CVE history
- No init scripts, cron jobs, dbus services, fscaps, setuid, sudo
- Limited use of setuid(2), more extensive use of chown(2) indicates much
expects to run as root
- No binaries use PIE or BINDNOW
- No testsuite
- Daemons started with if-up-down.d scripts; some daemons can be conf
** Changed in: vde2 (Ubuntu)
Assignee: Jamie Strandboge (jdstrand) => Seth Arnold (seth-arnold)
--
Bump - is this one feasible for raring? It would be one less bit of
delta from debian's qemu.
--
Hi Jamie,
this is desired by the server team :)
** Changed in: vde2 (Ubuntu)
Assignee: Ubuntu Server Team (ubuntu-server) => Jamie Strandboge (jdstrand)
--
@Jamie: In my opinion the answer is "users want it, so server team wants
it." I realize that even if there were time, MIR team is overloaded at
the moment. So I'd like to talk to you about this again at UDS.
--
Dustin Kirkland (kirkland) - Server team member - wrote in the related
bug 253230:
"Actually, I had to revert this change. libvdeplug2-dev (vde2) is in
Universe. We'll need to get an MIR filed/approved before we can have kvm
build-dep on it."
Now that we have the MIR maybe Dustin can approve th
I'm in the kvm session (UDS P) right now, and it is unclear if the
server team actually wants this. If someone from the server team can
confirm that this is in fact desired by the team, I'd be happy to review
it. Reassigning to server team for now.
** Changed in: vde2 (Ubuntu)
Assignee: Ubunt
Joseph and Serge, not much to do yet, unless you're on the security
team. After 11.10 is out and there's a development lull, occasionally
poking security people on IRC (judiciously!) might speed things up.
--
@mterry,
I assume that there is nothing for now for the server team to do then,
right? (AIUI we can't put the vde lib in build-depends for kvm without
those libs being in main).
Just making sure - thanks!
--
@Michael Terry I guess I should have linked to the original bug in the
first place. I don't mean to be a pain but sometimes you have to whine
a little to get things rolling.
Hopefully security won't be an issue. The Debian guys are pretty good
about this stuff and it passed their approval. But
Joseph, ah! Thanks for the bug link. That provides some of the missing
rationale and history behind this MIR.
I understand your frustration, but part of the reason for this
particular delay is that the people reviewing MIRs are busy and not
domain experts in everything. Because the original des
@Michael Terry I reported this against vde2 over a year ago. Then I was
told I needed to file a MIR.
The bug report you are suggesting already exists: bug 253230. Here's a
line from that report, "It's been open for years and lead to nothing."
1) There is clearly demand for vde2 support in KVM
I think the best way forward for this is to file a bug against kvm in
Ubuntu and suggest adding vde2 as a dependency/recommends. If this
happens and vde2 is well-integrated into kvm, you should re-open this
bug.
--
I'm still waiting for this as well. No one seems to want to do it.
Should be easy since it's already been a Debian package for several
years. Just needs to be included in main and added as a build dep of
kvm. No other configuration required as far as I know.
Regarding Kees's concern about adding
Is there any news regarding this issue? What do we need to know/whom to
ask in order to make it fixed?
--
[Expired for vde2 (Ubuntu) because there has been no activity for 60
days.]
** Changed in: vde2 (Ubuntu)
Status: Incomplete => Expired
--
Without sign-in from the Ubuntu KVM maintainers, I'd rather not commit
to having this in main. It is a rather large bit of code, includes
daemons, etc. I think making sure this is integrated sanely is the first
step. Main promotion can happen later.
** Changed in: vde2 (Ubuntu)
Assignee: Kees
** Changed in: vde2 (Ubuntu)
Assignee: (unassigned) => Kees Cook (kees)
--
vde2 makes it possible to create a virtual network for your VMs. This
is an important tool for cloud computing. If Ubuntu wants to compete as
a cloud computing solution this is a critical piece to the puzzle.
It shouldn't be much work to move vde2 into main. The package is well
supported and te
Is native VDE support part of a blueprint or just a nice-to-have? I'm
trying to get a sense of rationale/importance.
--