Public bug reported: [Description] Ubuntu-advantage-tools delivers a python command line client which enables Ubuntu Advantage support offerings. Version 26.0 will already have been uploaded to Hirsute prior to feature freeze. Version 27.0 will introduce the ability a new `ua fix <CVE_or_USN>` subcommand which will introspect the running system for a specific CVE or USN issue, report whether the system is affected and apply recommended packaging changes to resolve the CVE or USN.
[Rationale] ubuntu-advantage-tools v.27 is currently under development against a Ubuntu Security API service. Expectation is that 27.0 development, CI and verification will complete before release, but it will miss the Feature Freeze deadline of February 25th. This feature will also be planned for SRU into Xenial once it has landed in Hirsute. If we block the update to ubuntu-advantage-tools version 27, Ubuntu consumers will not still have to manually discoverwhich packages are affected by CVEs or USNs and remedy affected systems until we can SRU into Hirsute. [Timeline] ubuntu-advantage-tools already has a very basic `ua fix` command which reports whether a given CVE affects the current machine. Expectation is that we can have a fully functional `ua fix` command which will apply necessary packaging changes by end of February. [Risks] Low-risk for Hirsute as ubuntu-advantage-tools `ua fix` command is a commandline wizard intended primarly for manual inspection or resolution of individual CVEs on a limited number of systems. The 'fix' subcommand is not a utility we expect to be used frequently during the life of an Ubuntu system, or during boot process. So, errors will be limited to not providing the right information about a CVE/USN or not installing the recommended debs properly to remedy the provided CVE. ** Affects: ubuntu-advantage-tools (Ubuntu) Importance: Undecided Status: New ** Description changed: [Description] Ubuntu-advantage-tools delivers a python command line client which enables Ubuntu Advantage support offerings. Version 26.0 will already have been uploaded to Hirsute prior to feature freeze. Version 27.0 will introduce the ability a new `ua fix <CVE_or_USN>` subcommand which will introspect the running system for a specific CVE or USN issue, report whether the system is affected and apply recommended packaging changes to resolve the CVE or USN. - [Rationale] ubuntu-advantage-tools v.27 is currently under development against a Ubuntu Security API service. Expectation is that 27.0 development, CI and verification will complete before release, but it will miss the Feature Freeze deadline of February 25th. This feature will also be planned for SRU into Xenial once it has landed in Hirsute. If we block the update to ubuntu-advantage-tools version 27, Ubuntu consumers will not still have to manually discoverwhich packages are affected by CVEs or USNs and remedy affected systems until we can SRU into Hirsute. - [Timeline] ubuntu-advantage-tools already has a very basic `ua fix` command which reports whether a given CVE affects the current machine. Expectation is that we can have a fully functional `ua fix` command which will apply necessary packaging changes by end of February. [Risks] - Low-risk for Hirsute as ubuntu-advantage-tools `ua fix` command is a commandline wizard intended primarly for manual inspection or resolution of individual CVEs on a limited number of systems. The 'fix' subcommand is not a utility we expect to be used frequently during the life of an Ubuntu system, or during boot process. So, errors will be limited to not providing the right information about a CVE/USN or not installing the recommended debs properly to remedy the provided CVE.a + Low-risk for Hirsute as ubuntu-advantage-tools `ua fix` command is a commandline wizard intended primarly for manual inspection or resolution of individual CVEs on a limited number of systems. The 'fix' subcommand is not a utility we expect to be used frequently during the life of an Ubuntu system, or during boot process. So, errors will be limited to not providing the right information about a CVE/USN or not installing the recommended debs properly to remedy the provided CVE. -- You received this bug notification because you are a member of Ubuntu Bugs, which is subscribed to Ubuntu. https://bugs.launchpad.net/bugs/1915354 Title: [FFe] Include ubuntu-advantage-tools 27.0 To manage notifications about this bug go to: https://bugs.launchpad.net/ubuntu/+source/ubuntu-advantage-tools/+bug/1915354/+subscriptions -- ubuntu-bugs mailing list ubuntu-bugs@lists.ubuntu.com https://lists.ubuntu.com/mailman/listinfo/ubuntu-bugs