security: add timeline, contact, and priority info #41
Signed-off-by: Mark Esler <[email protected]>
I burned a lot of karma and brownie points because of that; and will still be paying for landing those........ I did not set a precedent.
We were already discussing setting a timeline before the x13s packages.
The director clause was added for exceptional cases, like hardware enablement. The intent is to make things smoother, not to add blocks.
Signed-off-by: Mark Esler <[email protected]>
Historically the security team has not been able to perform reviews with low enough latency and high enough throughput to deliver the necessary reviews early enough in the cycle -- we'd often be finishing them in the week before release, even if the consequences of the MIR succeeding or failing might require unrealistically large changes in short notice to implement or roll-back the changes.

We've wanted to have a submission deadline for years and it's perhaps fortuitous timing that we've got much more capacity at roughly the same time as we've got some excellent examples of truly last-minute requests. :)

In an ideal world this wouldn't actually be much of a change -- hopefully everyone has the clear bulk of their work ready by feature freeze, and hopefully the MIR team has enough capacity to assign further security reviews as necessary, etc.

So, no, please don't take this personally -- but yes, the timing of those requests is a decent indicator of why we'd like the change.

Thanks
LGTM.
LGTM, except for the spelling fixes needed.
Please fix the typos (or extend the checker), other than that LGTM
This should address the spell-check errors, if I've done a good job of it anyway: Thanks
Once PR #42 to fix the spelling mistakes merged into that one, looks good to me!
Ha, apparently I only addressed warnings, and not errors. So, here's one to fix
@check-spelling-bot Report

🔴 Please review

See the 📂 files view, the 📜 action log, or 📝 job summary for details.

Unrecognized words (1)

Mattermost

To accept these unrecognized words as correct, you could run the following commands... in a clone of the [email protected]:eslerm/ubuntu-mir.git repository

curl -s -S -L 'https://raw.githubusercontent.com/check-spelling/check-spelling/main/apply.pl' |
perl - 'https://github.com/canonical/ubuntu-mir/actions/runs/6696241935/attempts/3'

Available 📚 dictionaries could cover words (expected and unrecognized) not in the 📘 dictionary

This includes both expected items (13) from .github/actions/spelling/expect.txt and unrecognized words (1)

Consider adding them (in with:
extra_dictionaries:
cspell:cpp/src/stdlib-c.txt
cspell:python/src/python/python-lib.txt
cspell:npm/dict/npm.txt
cspell:elixir/dict/elixir.txt
cspell:sql/src/tsql.txt

To stop checking additional dictionaries, add (in check_extra_dictionaries: ''

Warnings (1)

See the 📂 files view, the 📜 action log, or 📝 job summary for details.
All spelling issues fixed, plenty of approvals and pre-discussed at the sprint. Merging ...
Late in the Mantic cycle Security approved three MIRs (LP#2030482 and two in LP#2038942). From this Security learned that we need to improve our documentation and set expectations.
@setharnold does Beta Freeze sound appropriate to you? That is tight, but feels workable.
@frank-heimes @xnox