Comment 0 for bug 888568

ubuntu-security routinely uses the 'target to release' functionality in Launchpad to track CVEs. Part of this work is for our kernel security engineer to work with the kernel team on the kernel cadence, which requires as part of our process to manipulate 'target to release' tasks a lot. Unfortunately, to be able to 'target to release', currently one must be a core-dev, part of ubuntu-release or part of ubuntu-drivers (there may be others). I would like the 'target to release' permissions to also include 'ubuntu-security'.

As it is a requirement for people in ubuntu-security to manipulate tasks, but it is not a requirement for specialist security engineers (like our browser security engineer or kernel security engineer) to be core-dev or in one of these groups, the current permissions do not fit the needs for my team, and this blocks their work.

It was mentioned that ubuntu-security could be added to ubuntu-release, but that does not seem the proper longterm fix, as ubuntu-release starts to become bloated like ubuntu-drivers used to be. Depending on the time frame for this fix, we may have to use ubuntu-release as a workaround since this is blocking our work. (This was not a big problem before but changes in our team have highlighted the issue (ie, our new kernel security engineer is not in any of these groups)).