From the security team's point of view, we would really like to see a functioning fwupd both in standard support releases and in ESM releases. Being able to update system firmware is necessary to get both firmware and bundled microcode security fixes. This is in addition to the KEK and db updates which will be required for continued Secure Boot support.
While backporting a whole new version of fwupd is quite unusual for an SRU, I do believe a one-off full version bump is the right approach not just to fix the specific issue described in this bug, but also to ensure proper firmware updates in the future. I also think we should make sure these packages are built without the -updates pocket enabled so that they can get copied to the -security pocket once the SRU process has been completed. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/2142578 Title: [SRU] fwupd backports for KEK and db updates To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/fwupd/+bug/2142578/+subscriptions -- ubuntu-bugs mailing list [email protected] https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
