Hi Michelle,
Thanks for requesting the inclusion of the charmed-mongodb,
mongodb-exporter and percona-backup-mongodb PPAs. We would like to
confirm that the request has been accepted and the details has been
added to the tracking repository:
charmed-mongodb
* Project details:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-charmed-mongodb/project.yml
* Configuration details:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-charmed-mongodb/config.yml
* Release specific details:
- Ubuntu 22.04:
> supported packages:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-charmed-mongodb/jammy-supported.txt
mongodb-exporter
* Project details:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-mongodb-exporter/project.yml
* Configuration details:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-mongodb-exporter/config.yml
* Release specific details:
- Ubuntu 22.04:
> supported packages:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-mongodb-exporter/jammy-supported.txt
percona-backup-mongodb
* Project details:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/project.yml
* Configuration details:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/config.yml
* Release specific details:
- Ubuntu 22.04:
> supported packages:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/jammy-supported.txt
- Ubuntu 23.10:
> supported packages:
https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/mantic-supported.txt
You and other indicated points of contact have been added as subscribers
to this repository. If changes are required in the future, please
request them by creating a merge proposal in Launchpad.
But as mentioned in the other email thread, we still need clarifications
for the items below:
- Support until 2032: upstream EOD is 31-Jul-2025 for Percona Server for
MongoDB 6.0 3 and TBD for Percona Backup for MongoDB as per
https://www.percona.com/services/policies/percona-software-support-lifecycle.
The security team usually doesn't support packages versions after their
EOL (e.g. OpenJDK or MySQL). It seems this is already committed, so we
expect the data platform team to assist our work after EOLs since they
are more familiar with the packages and their internals. We will discuss
this further with Alex Burrage, but did not want to block this request
for longer.
- ESM Support: We are assuming the expectation is to have ESM style
support: available critical, high, and selected medium CVE fixes. Please
let us know otherwise.
- Package updates delivery path/processes: can you please explain how we
should propose/upload patches? Should we follow any special versioning
scheme? Should we use the PPAs packages are copied from? (e.g.
https://launchpad.net/~taurus/+archive/ubuntu/test-psmdb6).
- Git repository: https://launchpad.net/~data-platform was indicated. We
don't see git repositories there, only PPAs. It is fine if the team does
not work with git. But asking just in case.
- Architectures: The security team does not yet have special hardware to
test, so we only build/test on amd64. I see some packages are built on
i368 and it is expected to support ARM7 in 24.04. The data platform team
will need to assist with this.
- Percona Server MongoDB version: The PPA is at version 6.0.6-5, but
there are newer 6.0.x upstream versions at
https://github.com/percona/percona-server-mongodb. It was indicated that
in 24.04 a minor version upgrade will be available. Will the existing
one for jammy gonna be upgraded or even maintained? The more we deviate
from upstream on their versions, the more complicated the backports can be.
- golang-1.21: Any reason to not use the archive version that we should
be aware?
Mauricio/Tom: Do you have any support further question?
From this moment on, the PPA is being monitored by the Ubuntu Security
and SEG teams. For security related questions or issues, please join the
~Security-engineering mattermost channel or write to
[email protected].
For support questions please join the ~Canonical Support channel, and
for SEG (Sustaining Engineering Group/team) questions please join the
~Sustaining Engineering channel.
In case of regressions detected with a bug-fix provided by SEG, please
create a case in the support portal (see ‘Canonical Staff Help Desk
Support’ in the [New Starter
Tasks](https://sites.google.com/a/canonical.com/about-canonical/home/new-starter-tasks)
page).
--
Mailing list: https://launchpad.net/~data-platform
Post to : [email protected]
Unsubscribe : https://launchpad.net/~data-platform
More help : https://help.launchpad.net/ListHelp
