Security Category

What are your thoughts on having a security category?

Often I find documentation and information related to security of a distribution to be either outdated or lacking. A place where devs can request a call to check a security patch is effective would be a nice addition imo.


We certainly could do with answering a few FAQs such as “My security scanner says that package X isn’t at a high enough version” and “How do I find if package Y has an update for CVE Z yet?”.

I’m not sure what you mean. What sort of calls do you expect devs want to make?

I was thinking perhaps when a patch has been submitted, they could request users to test it and confirm it fixes the vulnerability. This would have the advantage of testing the fix on a range of environments.

Have you had specific problems with security updates where in hindsight you feel that users would have benefited by these calls for testing?

I believe the security team already have a PPA they occasionally use to request wider testing, but mostly they don’t have the luxury of the time this would require.

Understood. Where can I find information to help with the security side of Ubuntu?

There’s some information here.

FYI - to revive this old thread - the Ubuntu Security team are going to start moving discussions to this discourse and so a new Security category is in the works 🙂

Here you go: Security - Ubuntu Community Hub 🙂

