Public bug reported:
[Description]
Ubuntu-advantage-tools delivers a python command line client which enables
Ubuntu Advantage support offerings. Version 26.0 will already have been
uploaded to Hirsute prior to feature freeze. Version 27.0 will introduce the
ability a new `ua fix <CVE_or_USN>` subcommand which will introspect the
running system for a specific CVE or USN issue, report whether the system is
affected and apply recommended packaging changes to resolve the CVE or USN.
[Rationale]
ubuntu-advantage-tools v.27 is currently under development against a Ubuntu
Security API service. Expectation is that 27.0 development, CI and verification
will complete before release, but it will miss the Feature Freeze deadline of
February 25th.
This feature will also be planned for SRU into Xenial once it has landed
in Hirsute.
If we block the update to ubuntu-advantage-tools version 27, Ubuntu
consumers will not still have to manually discoverwhich packages are
affected by CVEs or USNs and remedy affected systems until we can SRU
into Hirsute.
[Timeline]
ubuntu-advantage-tools already has a very basic `ua fix` command which reports
whether a given CVE affects the current machine. Expectation is that we can
have a fully functional `ua fix` command which will apply necessary packaging
changes by end of February.
[Risks]
Low-risk for Hirsute as ubuntu-advantage-tools `ua fix` command is a
commandline wizard intended primarly for manual inspection or resolution of
individual CVEs on a limited number of systems. The 'fix' subcommand is not a
utility we expect to be used frequently during the life of an Ubuntu system, or
during boot process. So, errors will be limited to not providing the right
information about a CVE/USN or not installing the recommended debs properly to
remedy the provided CVE.
** Affects: ubuntu-advantage-tools (Ubuntu)
Importance: Undecided
Status: New
** Description changed:
[Description]
Ubuntu-advantage-tools delivers a python command line client which enables
Ubuntu Advantage support offerings. Version 26.0 will already have been
uploaded to Hirsute prior to feature freeze. Version 27.0 will introduce the
ability a new `ua fix <CVE_or_USN>` subcommand which will introspect the
running system for a specific CVE or USN issue, report whether the system is
affected and apply recommended packaging changes to resolve the CVE or USN.
-
[Rationale]
ubuntu-advantage-tools v.27 is currently under development against a Ubuntu
Security API service. Expectation is that 27.0 development, CI and verification
will complete before release, but it will miss the Feature Freeze deadline of
February 25th.
This feature will also be planned for SRU into Xenial once it has landed
in Hirsute.
If we block the update to ubuntu-advantage-tools version 27, Ubuntu
consumers will not still have to manually discoverwhich packages are
affected by CVEs or USNs and remedy affected systems until we can SRU
into Hirsute.
-
[Timeline]
ubuntu-advantage-tools already has a very basic `ua fix` command which
reports whether a given CVE affects the current machine. Expectation is that we
can have a fully functional `ua fix` command which will apply necessary
packaging changes by end of February.
[Risks]
- Low-risk for Hirsute as ubuntu-advantage-tools `ua fix` command is a
commandline wizard intended primarly for manual inspection or resolution of
individual CVEs on a limited number of systems. The 'fix' subcommand is not a
utility we expect to be used frequently during the life of an Ubuntu system, or
during boot process. So, errors will be limited to not providing the right
information about a CVE/USN or not installing the recommended debs properly to
remedy the provided CVE.a
+ Low-risk for Hirsute as ubuntu-advantage-tools `ua fix` command is a
commandline wizard intended primarly for manual inspection or resolution of
individual CVEs on a limited number of systems. The 'fix' subcommand is not a
utility we expect to be used frequently during the life of an Ubuntu system, or
during boot process. So, errors will be limited to not providing the right
information about a CVE/USN or not installing the recommended debs properly to
remedy the provided CVE.
--
You received this bug notification because you are a member of Ubuntu
Bugs, which is subscribed to Ubuntu.
https://bugs.launchpad.net/bugs/1915354
Title:
[FFe] Include ubuntu-advantage-tools 27.0
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1915354/+subscriptions
--
ubuntu-bugs mailing list
ubuntu-bugs@lists.ubuntu.com
https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs
