On Mon, 2010-02-22 at 14:06 +0000, Iain Lane wrote: > >iii) MOTU SWAT needs help, especially as it moves from "universe" to > >"unseeded packages". I believe that extended discussion is worthwhile > >between the MOTU SWAT team and the Ubuntu Security team to determine > >if all security efforts could follow a standardised process and be > >handled by a single extended team (with some potential for separation > >within the team to support embargoed information, disclosure > >requirements, etc.). If MOTU SWAT is to remain separate, some work > >will need to be done on the tools to help better track what packages > >need attention and when. > > As an outsider, it seems to me that this team lacks coordination, and > would benefit from being under the Ubuntu security umbrella so that the > engineers working there can effectively delegate the required security > work for Universe packages.
This is probably true and our teams can discuss ways to address this. > With proper work tracking, I can see this > being a successful collaboration. I think we already have all the tracking mechanisms in place, we just need people to work on them: https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue https://code.launchpad.net/~ubuntu-security/ubuntu-cve-tracker/master http://people.canonical.com/~ubuntu-security/cve/universe.html http://people.canonical.com/~ubuntu-security/d2u/ -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
