ubuntu-security cannot target to series
Affects | Status | Importance | Assigned to | Milestone | |
---|---|---|---|---|---|
Launchpad itself |
Triaged
|
Low
|
Unassigned |
Bug Description
ubuntu-security routinely uses the 'target to series' functionality in Launchpad to track CVEs. Part of this work is for our kernel security engineer to work with the kernel team on the kernel cadence, which requires as part of our process to manipulate 'target to release' tasks a lot. Unfortunately, to be able to 'target to release', currently one must be a core-dev, part of ubuntu-release or part of ubuntu-drivers (there may be others). I would like the 'target to series' permissions to also include 'ubuntu-security'.
As it is a requirement for people in ubuntu-security to manipulate tasks, but it is not a requirement for specialist security engineers (like our browser security engineer or kernel security engineer) to be core-dev or in one of these groups, the current permissions do not fit the needs for my team, and this blocks their work.
It was mentioned that ubuntu-security could be added to ubuntu-release, but that does not seem the proper longterm fix, as ubuntu-release starts to become bloated like ubuntu-drivers used to be. Depending on the time frame for this fix, we may have to use ubuntu-release as a workaround since this is blocking our work. (This was not a big problem before but changes in our team have highlighted the issue (ie, our new kernel security engineer is not in any of these groups)).
Changed in launchpad: | |
status: | New → Triaged |
importance: | Undecided → Low |
tags: | added: distributions milestones projects series |
description: | updated |
summary: |
- ubuntu-security cannot target to release + ubuntu-security cannot target to series |
tags: | added: bug-nomination |
It might be sufficient for your kernel security engineer to have per-package upload rights to the kernel. It would be useful if a Launchpad developer could confirm that that was enough.
I feel that we ought to be able to assume that security engineers at least have upload rights to the things they're working on (and fix that if they don't).