Public bug reported:
[Impact]
When producing a new version of some kernels, we need to check for
changes that might affect FIPS or other certs and justify why a commit
was kept or removed.
To simplify this process we can add an automated check that will abort
the kernel preparation and build when such changes exist without a
justification.
[Test Plan]
Check if the kernel preparation fails (cranky close) when one of a
security certification changes is added.
[Where problems could occur]
No kernels should be affected until we enable this check on each one.
Even when enabled, that only affects the kernel preparation and not the
resulting kernel.
** Affects: linux (Ubuntu)
Importance: Undecided
Assignee: Marcelo Cerri (mhcerri)
Status: New
** Affects: linux (Ubuntu Bionic)
Importance: Undecided
Assignee: Marcelo Cerri (mhcerri)
Status: New
** Affects: linux (Ubuntu Focal)
Importance: Undecided
Assignee: Marcelo Cerri (mhcerri)
Status: New
** Affects: linux (Ubuntu Impish)
Importance: Undecided
Assignee: Marcelo Cerri (mhcerri)
Status: New
** Also affects: linux (Ubuntu Bionic)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Focal)
Importance: Undecided
Status: New
** Also affects: linux (Ubuntu Impish)
Importance: Undecided
Status: New
** Changed in: linux (Ubuntu Bionic)
Assignee: (unassigned) => Marcelo Cerri (mhcerri)
** Changed in: linux (Ubuntu Impish)
Assignee: (unassigned) => Marcelo Cerri (mhcerri)
** Changed in: linux (Ubuntu Focal)
Assignee: (unassigned) => Marcelo Cerri (mhcerri)
** Summary changed:
- Check for changes relevant for security certification
+ Check for changes relevant for security certifications
--
You received this bug notification because you are a member of Kernel
Packages, which is subscribed to linux in Ubuntu.
https://bugs.launchpad.net/bugs/1945989
Title:
Check for changes relevant for security certifications
Status in linux package in Ubuntu:
New
Status in linux source package in Bionic:
New
Status in linux source package in Focal:
New
Status in linux source package in Impish:
New
Bug description:
[Impact]
When producing a new version of some kernels, we need to check for
changes that might affect FIPS or other certs and justify why a commit
was kept or removed.
To simplify this process we can add an automated check that will abort
the kernel preparation and build when such changes exist without a
justification.
[Test Plan]
Check if the kernel preparation fails (cranky close) when one of a
security certification changes is added.
[Where problems could occur]
No kernels should be affected until we enable this check on each one.
Even when enabled, that only affects the kernel preparation and not
the resulting kernel.
To manage notifications about this bug go to:
https://bugs.launchpad.net/ubuntu/+source/linux/+bug/1945989/+subscriptions
--
Mailing list: https://launchpad.net/~kernel-packages
Post to : kernel-packages@lists.launchpad.net
Unsubscribe : https://launchpad.net/~kernel-packages
More help : https://help.launchpad.net/ListHelp
