Kernel
Differences between revisions 3 and 5 (spanning 2 versions)
|
Size: 1259
Comment:
|
Size: 1275
Comment:
|
| Deletions are marked like this. | Additions are marked like this. |
| Line 12: | Line 12: |
| == notification == * $UQT/security-tools/kernel-sru-check |
|
| Line 19: | Line 16: |
| * find fix * find introduction if possible/easy * record as lines using "break-fix" in the "Patches_linux:" section |
* find fix * find introduction if possible/easy * record as lines using "break-fix" in the "Patches_linux:" section == Frequent == * Check for workflow items needing attention: `$UQT/security-tools/kernel-sru-check` |
| Line 33: | Line 33: |
| * (part of the kernel update workflow) | * (this is our part of the kernel update workflow) |
| Line 38: | Line 38: |
| * (part of the kernel update workflow) |
Code
- UCT: lp:~ubuntu-security/ubuntu-cve-tracker/master
- UQT: lp:~ubuntu-bugcontrol/ubuntu-qa-tools/master
- kteam: git://kernel.ubuntu.com/ubuntu/kteam-tools.git
Workflow
tracking
Security Team Duties
per-CVE
- triage
- find fix
- find introduction if possible/easy
- record as lines using "break-fix" in the "Patches_linux:" section
Frequent
Check for workflow items needing attention: $UQT/security-tools/kernel-sru-check
Daily
- UCT merge with kernelteam
- sync UCT to LP and back
- see end of $UCT/README for definition of desired state changes
bzr update
./scripts/process_cves merge
./scripts/sync-bugs-kernel.py --skip-search --confirm-update
- sync UCT to USNs (for any CVEs that have changed state, been revoked, etc)
per-proposed-package
- (this is our part of the kernel update workflow)
validate CVEs for USN publication: $UCT/scripts/prepare-kernel-update -n REL SRC
- mark workflow item "Fix Released"
per-released-package
publish USN for real: $UCT/scripts/prepare-kernel-update -u REL SRC
SecurityTeam/UpdatePublication/Kernel (last edited 2025-02-24 15:35:08 by rodrigo-zaiden)