This page shows the progress for a team or person towards a particular target. The burndown gives you a sense
of whether they are on track to complete all of their tasks at the current rate, and the information below shows
their progress against individual
Topics
, blueprints and workitems.
| Assignee |
Status |
Blueprint |
Priority |
Work item |
|
cking
|
Done |
security-q-ecryptfs |
High |
investigate aes-ni ecryptfs bug |
| security-q-ecryptfs |
High |
look at Ubuntu kernel config options around aes-ni |
| security-q-ecryptfs |
High |
expand torture testing |
|
C de-Avillez
|
Done |
security-q-ecryptfs |
High |
Start running the ecryptfs tests for kernel SRU verification in QA |
|
James Page
|
Done |
security-q-openjdk |
Essential |
contact eucalyptus team to test backports (medium) (0.5) |
| Postponed |
security-q-openjdk |
Essential |
find out icedtea's official position on openjdk-6 eol (high) (0.5) |
|
Jamie Strandboge
|
Done |
security-q-catch-all-essential |
Essential |
add python3 support to ufw (essential) (3) |
| security-q-apparmor-dev-essential |
Essential |
review ARB requirements and update policy (essential) (0.5) |
| security-q-apparmor-ubuntu |
Medium |
add default disabled profile for squid3 (low) (0.5) |
| security-q-apparmor-dev |
Medium |
send aa-sandbox prototype to the mailing list (medium) (1.5) |
| security-q-apparmor-dev |
Medium |
port/merge/verify existing python tools to python3 (medium) (1) |
| security-q-apparmor-dev |
Medium |
commit aa-easyprof tree soon (trunk only) |
| desktop-q-xorg-lts-updates |
High |
talk to release team about timing of EOL notice so it does not come too early |
| security-q-catch-all |
Medium |
implement deferred date handling in UCT and adjust cve alerts to use it (medium) (0.5) |
| security-q-catch-all |
Medium |
adjust cve_alerts to use heuristics so things with say 14 lows and no mediums still show up in the list (medium) (0.5) |
| security-q-catch-all |
Medium |
add umt compare-bin --ppa to copy_sppa_to_repo and then do a compare-bin on those pulled (low) (0.5) |
| security-q-catch-all |
Medium |
improve documentation for MIR audits (high) (1) |
| security-q-catch-all |
Medium |
improve tools for MIR audits (high) (3) |
| security-q-catch-all |
Medium |
create security dashboard page (low) (0.5) |
| security-q-catch-all |
Medium |
UCT updates for flavors notification (high) (2) |
| security-q-catch-all |
Medium |
fix UCT/scripts (et al) to be able to run from reviewed/ on lillypilly (high) (1) |
| qa-q-ubuntu-qa-tools |
Medium |
Clean security tools directory |
| foundations-q-python-versions |
High |
review apparmor merge, package & upload |
| foundations-q-python-versions |
High |
Port ufw |
| Postponed |
security-q-apparmor-ubuntu |
Medium |
add profile for gwibber-service (medium) (2) |
| security-q-apparmor-ubuntu |
Medium |
move dovecot profiles to default disabled (low) (0.5) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - update man pages where necessary for stacking (medium) (1) |
| security-q-catch-all |
Medium |
fix database for early USNs with embedded utf-8 characters (medium) (0.5) |
| security-q-catch-all |
Medium |
documentation on how to consume the json db for landscape (medium) (0.5) |
| security-q-catch-all |
Medium |
sanity check json exports (medium) (1.5) |
| security-q-catch-all |
Medium |
investigate sanity checking pickle file (medium) (0.5) |
| security-q-catch-all |
Medium |
(thunderbird aa profile) look into method to work better with sanitized_helper (medium) (0.5) |
| security-q-catch-all |
Medium |
audit whoopsie-daisy again (medium) (1) |
| security-q-catch-all |
Medium |
adjust UCT reports for archive reorg (medium) (2) |
| security-q-catch-all |
Medium |
automatic auditing of isos (medium) (3) |
|
Jean-Baptiste Lallement
|
Done |
security-q-openjdk |
Essential |
run test suite on stable releases (essential) (3) |
|
John Johansen
|
In Progress |
security-q-apparmor-dev-essential |
Essential |
sids, add sids hash table - kernel (high) (3) |
| security-q-apparmor-dev-essential |
Essential |
sids, update kernel iterfaces for sids - kernel (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
stacking, kernel interface - kernel (high) (1) |
| security-q-apparmor-dev-essential |
Essential |
stacking, add profile sets - kernel (high) (3) |
| security-q-apparmor-dev-essential |
Essential |
stacking, update sids to represent profile sets - kernel (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
stacking, update task context to use profile sets - kernel (high) (1) |
| security-q-apparmor-dev-essential |
Essential |
stacking, refactor code to pass profile set instead of profile into top level - kernel (high) (3) |
| security-q-apparmor-dev-essential |
Essential |
stacking, refactor path lookup, so it is done once, and pass to foreach profile in set - kernel (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
stacking, extend task context to track top namespace - kernel (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
rework interface for atomic profile set load (high) (3) |
| security-q-apparmor-dev-essential |
Essential |
rework profile locking to use RCU to avoid system deadlock (essential) (5) |
| security-q-apparmor-dev-essential |
Essential |
base policy introspection interface - kernel (high) (3) |
| security-q-apparmor-dev-dbus |
High |
userspace policy matching, userspace matching - libapparmor - deps (high) (2) |
| security-q-apparmor-dev-dbus |
High |
userspace policy matching, unpack exported dfas - libapparmor - deps (high) (2) |
| Done |
security-q-apparmor-dev-essential |
Essential |
organize workitems and roadmap (essential) (1) |
| security-q-apparmor-dev-essential |
Essential |
release 2.8/open 2.9, branch 2.8, and do release steps (essential) (0.5) |
| security-q-apparmor-dev-essential |
Essential |
release 2.8/open 2.9, integrate outstanding patches (eg. net debugging from jeffm, ...) - (essential) (1) |
| security-q-apparmor-dev-essential |
Essential |
release 2.8/open 2.9, fix parser build failures on some tool chains - parser (essential) (0.5) |
| security-q-apparmor-dev |
Medium |
post outcome of this meeting to the mailing list (medium) (0.5) |
| hardware-q-kernel-config-review |
Essential |
investigate security of CONFIG_NF_CONNTRACK_PROCFS |
| Postponed |
security-q-apparmor-dev-essential |
Essential |
ext. mediation, alt ns unix domain socket - upstream (essential) (1) |
| security-q-apparmor-dev-essential |
Essential |
ext. mediation, alt ns unix domain socket, matching - kernel (essential) (2) |
| security-q-apparmor-dev-essential |
Essential |
ext. mediation, netlink - upstream (essential) (1) |
| security-q-apparmor-dev-essential |
Essential |
ext. mediation, netlink, base matching - kernel (essential) (0.5) |
| security-q-apparmor-dev-essential |
Essential |
dfa set perms, aare interface update - parser (high) (1) |
| security-q-apparmor-dev-essential |
Essential |
dfa set perm tracking, basic perms - parser (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
dfa set perm tracking, deny perms - parser (high) (3) |
| security-q-apparmor-dev-essential |
Essential |
dfa, perm mapping to kernel perms - parser (high) (1) |
| security-q-apparmor-dev-lxc |
Medium |
aa-namespaces, interface - libapparmor (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
aa-namespaces, interface - util aa-namespace (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
aa-namespaces, interface - documentation/man pages for util (medium) (0.5) |
| security-q-apparmor-dev-lxc |
Medium |
aa-namespaces, controls limiting policy - upstream (medium) (0.5) |
| security-q-apparmor-dev-lxc |
Medium |
aa-namespaces, controls limiting policy - kernel (medium) (3) |
| security-q-apparmor-dev-lxc |
Medium |
aa-namespaces, controls limiting policy - regression tests (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
aa-namespaces, controls limiting policy - documentation (medium) (0.5) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, RFC/discussion - (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, initial white paper doc - (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - upstream (medium) (5) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, update kernel interface to report compound profile name - kernel (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, extend exec to have stacking transition - kernel (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, handle rlimit composition - kernel (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, investigate cgroup composition - kernel (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, api to stacking - libapparmor (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking, extend policy language - parser (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - parser tests (medium) (0.5) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - regression tests for capabilities (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - regression tests for rlimits (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - regression tests for files (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - regression tests for network (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - regression tests for ipc (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - regression tests for mount (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - update aa-status to work with compound profile names (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - update genprof/logprof to handle compound profile names (low) (3) |
| security-q-apparmor-dev-lxc |
Medium |
labeling - RFC/discussion (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
labeling - initial white paper (medium) (3) |
| security-q-apparmor-dev-lxc |
Medium |
labeling, implicit label sets - kernel (medium) (3) |
| security-q-apparmor-dev-lxc |
Medium |
labeling, attach implicit sets to objects - kernel (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
labeling, subset test task to object label set - kernel (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
labeling, fallback for hooks where labels can't be used - kernel (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
labeling, revalidation fallback when label doesn't match - kernel (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
labeling, interface to introspect labels - kernel (medium) (3) |
| security-q-apparmor-dev-lxc |
Medium |
labeling - regression tests (3) |
| security-q-apparmor-dev-lxc |
Medium |
fd passing - revalidate files at exec (medium) (3) |
| security-q-apparmor-dev-lxc |
Medium |
fd passing - revalidate files at ipc (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
fd passing - regression tests (medium) (2) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - upstream (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - kernel (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - parser (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - parser tests (medium) (0.5) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - regression tests (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - aa-logparse, including tests (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - userspace tools (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - userspace tool unit tests (medium) (1) |
| security-q-apparmor-dev-lxc |
Medium |
ext. mediation, clone newns.., controls - documentation/man pages (medium) (0.5) |
| security-q-apparmor-dev |
Medium |
policy interface, usertool change notification - kernel - deps base introspection (medium) (5) |
| security-q-apparmor-dev |
Medium |
dynamic lookup/files for policy introspecition - deps base introspection (low) (10) |
| security-q-apparmor-dev |
Medium |
stop mode - upstream (low) (1) |
| security-q-apparmor-dev |
Medium |
stop mode, global flag - kernel (low) (0.5) |
| security-q-apparmor-dev |
Medium |
upstream, LSM module unload patch (low) (5) |
| security-q-apparmor-dev |
Medium |
upstream, lsm_audit - allow passing of GFP flags to reduce chance of dropping (low) (2) |
| security-q-apparmor-dev |
Medium |
upstream, lsm_audit - return error when message fails (low) (2) |
| security-q-apparmor-dev |
Medium |
LSS status report presentation (low) (1) |
| security-q-apparmor-dev-dbus |
High |
userspace policy matching, - libapparmor unit tests - deps (high) (2) |
| security-q-apparmor-dev-dbus |
High |
userspace policy caching, use policy change notifications - libapparmor (medium) (2) |
| security-q-apparmor-dev-dbus |
High |
userspace policy caching, caching of previous queries - libapparmor (medium) (3) |
| security-q-apparmor-dev-dbus |
High |
userspace policy caching - libapparmor unit tests - deps (medium) (2) |
| security-q-apparmor-dev-dbus |
High |
dbus - RFC/discussion (high) (2) |
| security-q-apparmor-dev-dbus |
High |
dbus - upstream (medium) (5) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon, use userspace match - dbus - deps libaparmor userspace match (high) (2) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon, policy updates based on signal - dbus - deps kernel policy change interface (medium) (2) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon, logging update - dbus (medium) (1) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon - message data matching - dbus (medium) (4) |
| security-q-apparmor-dev-dbus |
High |
dbus - iterate policy language changes - parser (medium) (4) |
| security-q-apparmor-dev-dbus |
High |
dbus - parser tests (medium) (1) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon- regression tests (medium) (2) |
| security-q-apparmor-dev-dbus |
High |
dbus - update aa-logparser, including test (medium) (1) |
| security-q-apparmor-dev-dbus |
High |
dbus - userspace tools (medium) (2) |
| security-q-apparmor-dev-dbus |
High |
dbus - userspace tools unit tests (medium) (2) |
| security-q-apparmor-dev-dbus |
High |
dbus - documentation/man pages (medium) (0.5) |
| hardware-q-kernel-config-review |
Essential |
come up with list of configs to turn on for QA during early builds and then turn off before release. May use another flavor to |
| security-q-catch-all |
Medium |
(ec2 lucid migration) talk to smoser for any concerns or usage numbers (high) (0.5) |
| security-q-catch-all |
Medium |
(ec2 lucid migration) if there are security fixes, push through -security, otherwise -proposed (high) (0.5) |
| security-q-catch-all |
Medium |
(ec2 lucid migration) verify kernel via QRT (high) (1) |
| security-q-catch-all |
Medium |
(ec2 lucid migration) ensure we have a back out plan in case this was a problem (high) (0.5) |
| security-q-apparmor-testing |
Medium |
review regression tests (medium) (1) |
| security-q-apparmor-testing |
Medium |
lxc testing, serge has some tests to look at (high) (1) |
| security-q-kernel-backports |
Essential |
kernel backports USN notification (essential) (0.5) |
|
Kees Cook
|
Postponed |
security-q-catch-all |
Medium |
send an email about suid_dumpable=2 should not be the default (high) (0.5) |
|
Dustin Kirkland
|
Postponed |
security-q-ecryptfs |
High |
publicize test writing and contribution (blog, #ubuntu-classroom) |
| security-q-ecryptfs |
High |
create a userspace ecryptfs-janitor type tool that cleans up zero-length files |
| security-q-ecryptfs |
High |
move the prerm check to warn loudly, rather than failing entirely |
|
Marc Deslauriers
|
Done |
security-q-apparmor-ubuntu |
Medium |
add grep to hook so that only denials for that package trigger the hook (high) (0.5) |
| security-q-apparmor-ubuntu |
Medium |
check packages that contain apparmor profiles to make sure they have apport hooks (high) (1) |
| security-q-apparmor-ubuntu |
Medium |
remove launchpad integration rules from apparmor profiles (medium) (1) |
| security-q-catch-all |
Medium |
investigate sysrq and get added to kernel (medium) (0.5) |
| security-q-catch-all |
Medium |
investigate virsh snapshot, and modify tools if successful (high) (1.5) |
| security-q-catch-all |
Medium |
rewrite vm tools in python to ease maintenance (high) (3) |
| Postponed |
security-q-apparmor-dev |
Medium |
when go to profile something, can we query the server (medium) (1) |
| security-q-apparmor-dev |
Medium |
figure out a way to make Ubuntu profiles available to others once we have shipped them (low) (1) |
| security-q-apparmor-dev |
Medium |
figure out a way to make profile sharing between distros work better (low) (1) |
| desktop-p-lock-screen |
Medium |
Write down user scenarios that trigger this feature |
| security-q-catch-all |
Medium |
list the linux kernel meta package in the CVE tracker in all cases (1.5) (high) |
| security-q-catch-all |
Medium |
list our prioirity in the usn db (0.5) (high) |
| security-q-catch-all |
Medium |
verify/add cve field in the usn database (high) (0.5) |
| security-q-catch-all |
Medium |
investigate firewire dma with all drivers (high) (1) |
| security-q-catch-all |
Medium |
add to regression tests that firewire dma is off and the old driver is blacklisted (low) (0.5) |
| security-q-catch-all |
Medium |
adjust UST tools for archive reorg support database (high) (1) |
| security-q-catch-all |
Medium |
update umt compare-log for handle two releases with the same orig package version (low) (0.5) |
|
Micah Gersten
|
Postponed |
security-q-catch-all-essential |
Essential |
security ppa building with chris' bot script (build tarball, file bug, changelog, etc) (essential) (2) |
| security-q-catch-all-essential |
Essential |
script screenshots of browsers (essential) (3) |
| security-q-catch-all |
Medium |
move chromium apparmor profile to package (medium) (1) |
| security-q-catch-all |
Medium |
get tbird apparmor profile into the apparmor-profiles repository (medium) (1.5) |
| security-q-catch-all |
Medium |
enable the seccomp2 backend in chromium-browser instead of using the setuid sandbox (high) (1) |
| security-q-catch-all |
Medium |
participate in plus one team duties (high) (20) |
|
Steve Beattie
|
In Progress |
security-q-apparmor-dev-dbus |
High |
dbus - get apparmor kernel, parser, library, dbus into a ppa (high) (1) |
| Done |
security-q-openjdk |
Essential |
contact RHEL people to try and arrange co-maintenance (essential) (0.5) |
| security-q-openjdk |
Essential |
build precise package on older releases (essential) (3) |
| Postponed |
security-q-apparmor-dev-essential |
Essential |
Pythonize simple apparmor tools (aa-enforce, aa-disable, aa-complain) (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
base policy introspection interface - regression tests (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
base policy introspection interface - update userspace tools (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
base regression test infrastructure using py-unit (high) (3) |
| security-q-apparmor-ubuntu |
Medium |
add default disabled profile for smbd (low) (1) |
| security-q-apparmor-ubuntu |
Medium |
add default enabled profile for nmbd (and winbind if available) (low) (0.5) |
| security-q-apparmor-dev-lxc |
Medium |
stacking - create ppa for testing (medium) (0.5) |
| security-q-apparmor-dev |
Medium |
named profiles and binary globbing (all tools) (medium) (3) |
| security-q-apparmor-dev |
Medium |
PUx and pux not supported in userspace (medium) (1) |
| security-q-apparmor-dev |
Medium |
investigate seccomp2 support in AppArmor. Additional work items may fall out as a result of this investigation. (medium) (2) |
| security-q-apparmor-dev |
Medium |
convert build system to use autotools (low) (3) |
| security-q-apparmor-dev |
Medium |
base policy introspection interface - userspace tools unit tests (low) (2) |
| security-q-catch-all |
Medium |
security fake sync with native package (low) (0.5) |
| security-q-catch-all |
Medium |
investigate debsums.ubuntu.com and document proper use of debsums with a livecd (low) (1.5) |
| security-q-catch-all |
Medium |
fix qrt apache scripts for working with upstream testsuite (medium) (1.5) |
| security-q-catch-all |
Medium |
investigate appropriate uses of seccomp2 support in Ubuntu and send report to security team (high) (3) |
| security-q-apparmor-testing |
Medium |
implement base infrastructure in pyunit so we can start moving things over (high) (2) |
|
Scott Moser
|
Postponed |
security-q-catch-all |
Medium |
(ec2 lucid migration) test the kernel (high) (1) |
|
Tim Gardner
|
Done |
security-q-kernel-backports |
Essential |
write messaging surrounding using the new enablement meta package, how to temporarily stay on the new kernel, etc. https://wiki.ubuntu.com/Kernel/Release/Rolling |
| security-q-kernel-backports |
Essential |
ensure QA is doing testing of enablement on point releases, https://wiki.ubuntu.com/QATeam/AutomatedTesting/UpToDateKernel |
| Postponed |
security-q-kernel-backports |
Essential |
make a meta package for the kernel |
| security-q-kernel-backports |
Essential |
update-motd notification |
|
Tyler Hicks
|
Done |
security-q-catch-all-essential |
Essential |
look at how to split/deactivate networking interface in auditd (maybe already handled in packaging) (essential) (1) |
| security-q-catch-all-essential |
Essential |
auditd daemon-only package (essential) (0.5) |
| security-q-catch-all-essential |
Essential |
prepare MIR request for auditd (essential) (0.5) |
| security-q-catch-all-essential |
Essential |
fix sudo bug #982684 (sudo doesn't apply global environment settings from /etc/environment) (essential) (3) |
| security-q-catch-all-essential |
Essential |
investigate LUKS key management utilities to improve full disk encryption support in Ubuntu (since Ubiquity will implement this soon) (essential) (3) |
| security-q-ecryptfs |
High |
ensure tests run on all supported Linux filesystems (medium) (2) |
| security-q-ecryptfs |
High |
document test writing in the tests/README file (low) (0.5) |
| security-q-ecryptfs |
High |
to bring cking up to speed on aes-ni investigations so far (high) (0.5) |
| security-q-ecryptfs |
High |
remove passthrough (high) (0.5) |
| security-q-ecryptfs |
High |
remove xattr metadata support (high) (0.5) |
| security-q-ecryptfs |
High |
handle the zero-length file problem at the kernel level (high) (2) |
| Postponed |
security-q-apparmor-dev-essential |
Essential |
base policy introspecition interface - upstream (high) (2) |
| security-q-apparmor-dev-essential |
Essential |
extend base policy introspection interface - kernel (high) (3) |
| security-q-apparmor-dev-essential |
Essential |
base policy introspection interface, virtualize policy dir (high) (5) |
| security-q-ecryptfs |
High |
announce feature deprecation (high) (0.5) |
| security-q-ecryptfs |
High |
remove EXPERIMENTAL label (high) (1.5) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon, read from new kernel interface - dbus - deps kernel policy interface (high) (4) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon, use aa_getpeercon - dbus - deps working aa_getpeercon (high) (1) |
| security-q-apparmor-dev-dbus |
High |
dbus daemon, update dbus hooks - dbus (high) (2) |
| security-q-catch-all |
Medium |
confirm performance/size improvement with qed (low) (0.5) |
| security-q-catch-all |
Medium |
create AppArmor profile for auditd (high) (1) |
| Todo |
Blocked |
In Progress |
Done |
Postponed |
|
cking
|
|
|
|
|
|
|
|
C de-Avillez
|
|
|
|
|
|
|
|
James Page
|
|
|
|
|
|
| find out icedtea's official position on openjdk-6 eol (high) (0.5) |
| security-q-openjdk |
Essential |
|
|
Jamie Strandboge
|
|
|
|
|
| implement deferred date handling in UCT and adjust cve alerts to use it (medium) (0.5) |
| security-q-catch-all |
Medium |
| adjust cve_alerts to use heuristics so things with say 14 lows and no mediums still show up in the list (medium) (0.5) |
| security-q-catch-all |
Medium |
| add umt compare-bin --ppa to copy_sppa_to_repo and then do a compare-bin on those pulled (low) (0.5) |
| security-q-catch-all |
Medium |
| fix UCT/scripts (et al) to be able to run from reviewed/ on lillypilly (high) (1) |
| security-q-catch-all |
Medium |
|
| fix database for early USNs with embedded utf-8 characters (medium) (0.5) |
| security-q-catch-all |
Medium |
| documentation on how to consume the json db for landscape (medium) (0.5) |
| security-q-catch-all |
Medium |
| (thunderbird aa profile) look into method to work better with sanitized_helper (medium) (0.5) |
| security-q-catch-all |
Medium |
|
|
Jean-Baptiste Lallement
|
|
|
|
|
|
|
|
John Johansen
|
|
|
|
|
|
| policy interface, usertool change notification - kernel - deps base introspection (medium) (5) |
| security-q-apparmor-dev |
Medium |
| upstream, lsm_audit - allow passing of GFP flags to reduce chance of dropping (low) (2) |
| security-q-apparmor-dev |
Medium |
| come up with list of configs to turn on for QA during early builds and then turn off before release. May use another flavor to |
| hardware-q-kernel-config-review |
Essential |
| (ec2 lucid migration) talk to smoser for any concerns or usage numbers (high) (0.5) |
| security-q-catch-all |
Medium |
| (ec2 lucid migration) if there are security fixes, push through -security, otherwise -proposed (high) (0.5) |
| security-q-catch-all |
Medium |
| (ec2 lucid migration) ensure we have a back out plan in case this was a problem (high) (0.5) |
| security-q-catch-all |
Medium |
|
|
Kees Cook
|
|
|
|
|
|
| send an email about suid_dumpable=2 should not be the default (high) (0.5) |
| security-q-catch-all |
Medium |
|
|
Dustin Kirkland
|
|
|
|
|
|
| create a userspace ecryptfs-janitor type tool that cleans up zero-length files |
| security-q-ecryptfs |
High |
|
|
Marc Deslauriers
|
|
|
|
|
|
| figure out a way to make Ubuntu profiles available to others once we have shipped them (low) (1) |
| security-q-apparmor-dev |
Medium |
| list the linux kernel meta package in the CVE tracker in all cases (1.5) (high) |
| security-q-catch-all |
Medium |
| add to regression tests that firewire dma is off and the old driver is blacklisted (low) (0.5) |
| security-q-catch-all |
Medium |
| update umt compare-log for handle two releases with the same orig package version (low) (0.5) |
| security-q-catch-all |
Medium |
|
|
Micah Gersten
|
|
|
|
|
|
| get tbird apparmor profile into the apparmor-profiles repository (medium) (1.5) |
| security-q-catch-all |
Medium |
| enable the seccomp2 backend in chromium-browser instead of using the setuid sandbox (high) (1) |
| security-q-catch-all |
Medium |
|
|
Steve Beattie
|
|
|
|
|
| contact RHEL people to try and arrange co-maintenance (essential) (0.5) |
| security-q-openjdk |
Essential |
|
| investigate seccomp2 support in AppArmor. Additional work items may fall out as a result of this investigation. (medium) (2) |
| security-q-apparmor-dev |
Medium |
| investigate debsums.ubuntu.com and document proper use of debsums with a livecd (low) (1.5) |
| security-q-catch-all |
Medium |
| fix qrt apache scripts for working with upstream testsuite (medium) (1.5) |
| security-q-catch-all |
Medium |
| investigate appropriate uses of seccomp2 support in Ubuntu and send report to security team (high) (3) |
| security-q-catch-all |
Medium |
|
|
Scott Moser
|
|
|
|
|
|
|
|
Tim Gardner
|
|
|
|
|
| write messaging surrounding using the new enablement meta package, how to temporarily stay on the new kernel, etc. https://wiki.ubuntu.com/Kernel/Release/Rolling |
| security-q-kernel-backports |
Essential |
| ensure QA is doing testing of enablement on point releases, https://wiki.ubuntu.com/QATeam/AutomatedTesting/UpToDateKernel |
| security-q-kernel-backports |
Essential |
|
|
|
Tyler Hicks
|
|
|
|
|
| look at how to split/deactivate networking interface in auditd (maybe already handled in packaging) (essential) (1) |
| security-q-catch-all-essential |
Essential |
| investigate LUKS key management utilities to improve full disk encryption support in Ubuntu (since Ubiquity will implement this soon) (essential) (3) |
| security-q-catch-all-essential |
Essential |
| to bring cking up to speed on aes-ni investigations so far (high) (0.5) |
| security-q-ecryptfs |
High |
|
|
