On Mon, 2010-02-22 at 12:53 +0900, Emmet Hikory wrote: > iii) MOTU SWAT needs help, especially as it moves from "universe" to > "unseeded packages". I believe that extended discussion is worthwhile > between the MOTU SWAT team and the Ubuntu Security team to determine > if all security efforts could follow a standardised process and be > handled by a single extended team (with some potential for separation > within the team to support embargoed information, disclosure > requirements, etc.). If MOTU SWAT is to remain separate, some work > will need to be done on the tools to help better track what packages > need attention and when.
I think in a lot of ways, this is already done. We just need more people to get involved in the process. Due to limitations in Launchpad, MOTU-SWAT still needs to be a separate team from ubuntu-security (this is due to the ubuntu-security PPA containing embargoed items and the fact that you must be a member of ubuntu-security to publish from this PPA to the security pocket). We've long wanted MOTU-SWAT to be able to manage themselves and we can help/comment on procedures when the LP limitations are gone. That said, with the help of various MOTU folk[1] we identified improvements in the security sponsorship process and have implemented changes to address them and make our processes more like other teams[2]. The ubuntu-security-sponsors team was created, which MOTU-SWAT is a member. Links for the security sponsorship processes are also integrated into the the main SponsorshipProcess[3], just like with other teams. Each week a member of the ubuntu-security team is assigned to process bugs in our SponsorsQueue. So far, we've been doing all review as well as publication, but MOTU-SWAT can get involved in the review process which is really the most important part (while the ubuntu-security team is required for publication, this is simply a matter of copying packages around). Jamie [1] https://blueprints.launchpad.net/ubuntu/+spec/security-lucid-sponsorship-review [2] https://wiki.ubuntu.com/SecurityTeam/SponsorsQueue [3] https://wiki.ubuntu.com/SponsorshipProcess -- Jamie Strandboge | http://www.canonical.com
signature.asc
Description: This is a digitally signed message part
-- Ubuntu-motu mailing list [email protected] Modify settings or unsubscribe at: https://lists.ubuntu.com/mailman/listinfo/ubuntu-motu
