More explicit wording needed for HWE updates

Bug #1402706 reported by Dariusz Gadomski on 2014-12-15
264
This bug affects 2 people
Affects Status Importance Assigned to Milestone
update-manager (Ubuntu)
High
Unassigned
Precise
High
Unassigned
Trusty
Medium
brandyseres256@gmail.com

Bug Description

[Impact]
 * Users on trusty who run the HWE stack are not aware of the security implication when they not upgrade to a new HWE stack

[Test Case]
 * install 12.04.2 or similar and run update-manager
 * wait for the "New hardware support available bubble to appear"
 * verify that the wording is only talking about hardware
 * install the latest update-manager
 * verify that the wording is now talking about "security" as well

[Regression Potential]
 * This will cause a regression in the translations as the strings needs to be translated again.

---
In Precise after new HWE kernel was released the following message was displayed to the user:
"New hardware support is available [Install]".

This is perfectly correct, but I have received some complaints from sysadmins that this is a little bit misleading to end users.

The current approach leaves users with false sense of support and security - since they will not receive any (includnig *security*) kernel patches despite the fact that they have installed a LTS release.

In their opinion it should be emphasized that a new HWE kernel is required to prolong the LTS-nature of the installed system (since most of the HWE kernels will have up to a couple months of support).

So, if the current kernel is close to EOL and new HWE kernel is available the message should clearly recommend upgrading the kernel to maintain full system support.

information type: Private Security → Public Security
Launchpad Janitor (janitor) wrote :

Status changed to 'Confirmed' because the bug affects multiple users.

Changed in update-manager (Ubuntu):
status: New → Confirmed
Michael Vogt (mvo) wrote :

Do you have a suggestion for the message to use here?
 "New important security and hardware support update"
maybe?

Chris Johnston (cjohnston) wrote :

Something along those lines sounds good, however, we need to be able to provide them a way to find out more information about that. The command line says something along the lines of:

Your current Hardware Enablement Stack (HWE) is no longer supported
since 2014-08-07. Security updates for critical parts (kernel
and graphics stack) of your system are no longer available.

For more information, please see:
http://wiki.ubuntu.com/1204_HWE_EOL

There is a graphics stack installed on this system. An upgrade to a
supported (or longer supported) configuration will become available
on 2014-07-16 and can be invoked by running 'update-manager' in the
Dash.

So maybe if we said something like "New important security and hardware support update" and then provided a link to "More info" which linked to the EOL page?

Dariusz Gadomski (dgadomski) wrote :

"New important security and hardware support update" sounds good to me.

Putting there a "More info" link there sounds like a perfect idea.

Michael Vogt (mvo) wrote :
Michael Vogt (mvo) wrote :
Changed in update-manager (Ubuntu Precise):
importance: Undecided → High
Changed in update-manager (Ubuntu):
importance: Undecided → High
Changed in update-manager (Ubuntu Precise):
status: New → In Progress
Changed in update-manager (Ubuntu Trusty):
importance: Undecided → Medium
Timo Aaltonen (tjaalton) wrote :

Please add the SRU header as mentioned on https://wiki.ubuntu.com/StableReleaseUpdates

Michael Vogt (mvo) on 2015-02-09
description: updated

Hello Dariusz, or anyone else affected,

Accepted update-manager into precise-proposed. The package will build now and be available at http://launchpad.net/ubuntu/+source/update-manager/1:0.156.14.18 in a few hours, and then in the -proposed repository.

Please help us by testing this new package. See https://wiki.ubuntu.com/Testing/EnableProposed for documentation how to enable and use -proposed. Your feedback will aid us getting this update out to other Ubuntu users.

If this package fixes the bug for you, please add a comment to this bug, mentioning the version of the package you tested, and change the tag from verification-needed to verification-done. If it does not fix the bug for you, please add a comment stating that, and change the tag to verification-failed. In either case, details of your testing will help us make a better decision.

Further information regarding the verification process can be found at https://wiki.ubuntu.com/QATeam/PerformingSRUVerification . Thank you in advance!

Changed in update-manager (Ubuntu Precise):
status: In Progress → Fix Committed
tags: added: verification-needed

SRU Verification Precise:
I have verified that update-manager (1:0.156.14.18) in precise-proposed changes the message to "New important security and hardware support update" as shown in the attached screenshot.
Marking as verification done.

Thanks.

tags: added: verification-done
removed: verification-needed
Launchpad Janitor (janitor) wrote :

This bug was fixed in the package update-manager - 1:0.156.14.18

---------------
update-manager (1:0.156.14.18) precise-proposed; urgency=low

  [ Lefteris Nikoltsios ]
  * remove all ltsp* blacklisting (LP: #1415785)

  [ Michael Vogt ]
  * improve HWE support information message in the gtk UI
    (LP: #1402706)
  * consider more meta-packages when doing the apt-get install
    suggestion (LP: #1420217)
  * show unsupported packages if no replacement packages can be found
    (LP: #1341320)
 -- Michael Vogt <email address hidden> Tue, 10 Feb 2015 17:39:22 +0100

Changed in update-manager (Ubuntu Precise):
status: Fix Committed → Fix Released

The verification of the Stable Release Update for update-manager has completed successfully and the package has now been released to -updates. Subsequently, the Ubuntu Stable Release Updates Team is being unsubscribed and will not receive messages about this bug report. In the event that you encounter a regression using the package from -updates please report a new bug using ubuntu-bug and tag the bug report regression-update so we can easily find any regressions.

Changed in update-manager (Ubuntu Trusty):
assignee: nobody → brandyseres256@gmail.com (brandyseres256)
To post a comment you must log in.
This report contains Public Security information  Edit
Everyone can see this security related information.

Other bug subscribers