Compared to the old review we had these open topics:
1. confine services - you evaluated it (thanks a lot) and outlined why it can't be done
   due to conceptual issues. Ok if the security Team is.
2. Dependencies - well, now all vendored as shown in bug 1896246 and ok as exception
   Thanks for dropping the build-deps, that should ensure it really contains what we assume.
3. copyright - is fixed

New topics:
4. Tests: in several of the - formerly separate - packages we challenged the
"lack of" or "disabling" of tests. The thought was that at least overarching as
the eventual use case that testing has to happen. Now that all are built from
one source we have that spot.

4a. At build I only see it running "go test -vet=off -v -p 4 
github.com/GoogleCloudPlatform/guest-agent/google_guest_agent 
github.com/GoogleCloudPlatform/guest-agent/google_guest_agent/snapshot_service 
github.com/GoogleCloudPlatform/guest-agent/google_metadata_script_runner".
So by vendorizing all libs we essentially have further reduced an already bad 
test coverage.
Is there any way we could have it run the sub-tests of vendored code AND/OR do 
some (simulated since we lack the real data service) end-to-end test?

4b. Does upstream have any sort of test suite to test the final combined thing?
    If so could we integrate that into an autopkgtest?

So almost as expected the weak testing should be improved. That is
a strong, but not blocking, TODO for you. It would be awesome if you
could spend some time on that while waiting for the security re-review!

I didn't find other issues, but Security - as mentioned - needs to re-
review due to the added extra code and a re-visit of the unconfined
externally-controlled services situation.


P.S. Looking back at recent Go promotions we might need (independent of this
bug) a re-review of our process as it seems to me all go an exception route
eventually, so it seems a dysfunctional process to me. /me missed an
engineering sprint ...

** Changed in: google-guest-agent (Ubuntu)
     Assignee: Christian Ehrhardt  (paelzer) => Ubuntu Security Team (ubuntu-security)

https://bugs.launchpad.net/bugs/1891929

Title:
  [MIR] google-guest-agent