Ubuntu Server 11.10 Features Defined

2011-05-27 Thread Robbie Williamson 
Hello all,

With FeatureDefinitionFreeze[1] now behind us, I'd like to formally
present the prioritized feature list for Ubuntu Server 11.10:

 http://blueprints.launchpad.net/~ubuntu-server/+specs?role=assignee

Please have patience with us, as we are still working out milestone
delivery targets and work items assignments, but you can get a good idea
of what Oneiric Server will be from this list. Please post all
questions/comments about this plan to the ubuntu-server mailing list.

If you scroll down to the bottom, you'll notice 5 blueprints with
"Undefined" priorities and starting with "topic-". These blueprints
correspond with 5 key topics we want to focus on this cycle (in no
particular order):
 * The Ubuntu Orchestra project
 * The Ubuntu Ensemble project
 * Ubuntu Server for ARM
 * Making Ubuntu Server the Best Cloud Infrastructure OS
 * Making Ubuntu Server the Best Cloud Guest OS
Each feature will fall into one or more of these categories, and is
marked as such in the "Dependencies" section.  The plan is that in the
upcoming days, we'll soon have a fast, easy, and useful way to track our
progress in these topics, as well as at the individual feature/work item
level.  Trust me, I've seen the prototype...it's **very** nice. ;)

So buckle up folks...it's going to be a roller coaster of a ride this
cycle, but I'm confident Ubuntu Server 11.10 will be our best release yet!

-Robbie

[1] https://wiki.ubuntu.com/FeatureDefinitionFreeze

-- 
Robbie Williamson 
Ubuntu Server Engineering Manager, Canonical
robbiew[irc.freenode.net]

"You can't be lucky all the time, but you can be smart everyday"
 -Mos Def

"Arrogance is thinking you are better than everyone else, while
Confidence is knowing no one else is better than you." -Me ;)


-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Server Team 20110524 meeting minutes

2011-05-27 Thread Serge Hallyn 
== Agenda ==

 * Review ACTION points from previous meeting
 * Oneiric Development
 * Ubuntu Server Team Events
 * Weekly Updates & Questions for the QA Team (hggdh)
 * Weekly Updates & Questions for the Kernel Team (smb)
 * Weekly Updates & Questions from the Ubuntu Community
 * Open Discussion

== Minutes ==

 Meeting Actions 

 * All: spec peer reviews

 Oneiric Development 

 * Review blueprints!
   - Thursday is feature definition freeze
   - We need peer reviews
   - See:
 * https://blueprints.launchpad.net/sprints/uds-o?searchtext=server-o
 * http://blueprints.launchpad.net/~ubuntu-server/+specs?role=assignee
   - Question the implementation and direction.
   - Give feedback in whiteboard.
   - Daviey will send a post to ubuntu-server ml today with further details.

 Weekly Updates & Questions for the Kernel Team (smb) 

smb reminded the team about his email asking about iscsitarget.

 Weekly Updates & Questions from the Ubuntu Community 

cp1 asked what we might do to better keep up with security updates.  He feels 
we were slow with the last exim update, particularly compared to debian.  
jdstrand, kees, and dholbach came back with suggestions:

 * kees pointed us to http://people.canonical.com/~ubuntu-security/cve/main.html
 * jdstrand informed us that as part of the security-o-community blueprint, 
10-15 packages per month will be put up for community contributions.
 * dholbach pointed out that if you are aware of an embargoed issue and have a 
patch, you can file a private security bug.

 Agree on next meeting date and time 

Next meeting will be on Tuesday, May 31st at 16:00 UTC in #ubuntu-meeting.

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Enabling the kernel's DMESG_RESTRICT feature

2011-05-27 Thread John McCabe-Dansted 
On Fri, May 27, 2011 at 7:44 AM, Kees Cook  wrote:
> The problem is that dmesg is just a log. The contents can't be adjusted
> based on who is viewing it like (like has been done for the %pK sprintf
> uses in /proc, /sys, etc). Things like Oops reports will go to dmesg, which
> are utterly useless without all their addresses intact, etc.

One could also provide an suid utility that stripped out everything
that looks like an address.

For fun, I attach such a utility, though I am not convinced this is
the best approach. It
 1) opens /var/log/dmesg
 2) drops root privileges
 3) filters out everything starting with '0x'

It strips out lots of things that aren't addresses, but It looks like
what it leaves could still be useful for many purposes. It may well
still leave some sensitive information unprotected, so I wouldn't use
it when it is not needed, particularly as it may cause confusion if
users mistake it for the real dmesg.

-- 
John C. McCabe-Dansted
#include 
#include 

int main ( int argc, char** argv )
{
	int last_char = 0;
	int this_char;
	int in_address = 0;
	
	FILE *f = fopen ( "/var/log/dmesg", "r" );

	if (setuid(getuid())) { /* drop root privileges */
		puts("Cannot drop root privileges\n");
		return 1;
	}


	while ( (this_char = fgetc(f)) != EOF) {
		if (this_char < 33 || this_char == ']' || this_char == '-') {
			// A space, newline or special char
			in_address = 0;
		}
		if (in_address) {
			putchar('?');
		} else {
			putchar((char)this_char);
		}
		if (last_char=='0' && this_char=='x') {
			in_address=1;
		}
		last_char = this_char;
	}

	return (0);
}
-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Using -v when merging from Debian

2011-05-27 Thread Barry Warsaw 
On May 27, 2011, at 12:01 PM, Micah Gersten wrote:

>This is a friendly reminder that when merging a package from Debian,
>to use -v when building the source package.  You pass it the last
>version that was in Ubuntu and it'll include everything after that in
>the _source.changes file.  This allows all the recorded changes to
>show up on the -changes mailing list and any LP bugs closed in Debian
>to be auto-closed.

Also, as I just learned, if you're using UDD, when you build the source
package use the --package-merge option, e.g.:

$ bzr bd -S --package-merge

From the help:

  --package-merge   Build using the appropriate -v and -sa options for
merging in the changes from another source.

This bug tracks my inquiry as to why this can't just be the default:

https://bugs.launchpad.net/udd/+bug/788349

Cheers,
-Barry


signature.asc
Description: PGP signature
-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Enabling the kernel's DMESG_RESTRICT feature

2011-05-27 Thread Kees Cook 
On Fri, May 27, 2011 at 04:29:33PM +0100, Matt Zimmerman wrote:
> On Thu, May 26, 2011 at 04:55:59PM -0700, Kees Cook wrote:
> > I won't say it doesn't complicate things, but I would like to point out
> > that everyone else's suggestion for this is to completely remove the values
> > from the dmesg report itself, rendering it unavailable to any user, even
> > root.
> 
> It seems we are forced into this dichotomy because there is only one log,
> which is mixing different types of information.  Has anyone proposed
> separating kernel debugging information from simple status logging, and
> allowing the remainder to remain accessible to users?

I don't think this would end up being sensible either, as the task of
performing debugging may need access to both. I still don't see the problem
of debugging as root. If you're not the system owner, you're not going to
be able to _change_ the system in an effort to fix the problem you are
debugging.

-- 
Kees Cook
Ubuntu Security Team

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Using -v when merging from Debian

2011-05-27 Thread Micah Gersten 
This is a friendly reminder that when merging a package from Debian,
to use -v when building the source package.  You pass it the last
version that was in Ubuntu and it'll include everything after that in
the _source.changes file.  This allows all the recorded changes to
show up on the -changes mailing list and any LP bugs closed in Debian
to be auto-closed.

Thanks,
Micah


-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel

Re: Enabling the kernel's DMESG_RESTRICT feature

2011-05-27 Thread Matt Zimmerman 
On Thu, May 26, 2011 at 04:55:59PM -0700, Kees Cook wrote:
> I won't say it doesn't complicate things, but I would like to point out
> that everyone else's suggestion for this is to completely remove the values
> from the dmesg report itself, rendering it unavailable to any user, even
> root.

It seems we are forced into this dichotomy because there is only one log,
which is mixing different types of information.  Has anyone proposed
separating kernel debugging information from simple status logging, and
allowing the remainder to remain accessible to users?

-- 
 - mdz

-- 
ubuntu-devel mailing list
ubuntu-devel@lists.ubuntu.com
Modify settings or unsubscribe at: 
https://lists.ubuntu.com/mailman/listinfo/ubuntu-devel