[00:01] https://ide.c9.io/wxl/sqawesomesauce XD
[00:02] wxl: LOL XD
[00:03] wxl: Pls gimme access
[00:12] tsimonq2: looks like it's too limited to handle lxd. gimme your infos
[00:20] wxl: Ok, sec
[00:29] wxl: ssh ubuntu@dev.kubuntu.co.uk -p 2202
[00:30] 1s
[00:30] gotta "go home" first
[00:30] k
[00:30] wxl: So how long?
[00:31] tsimonq2: is that a shared container?
[00:32] wxl: No it's "mine"
[01:46] Is there a better way to merge new Debian revisions while keeping the Ubuntu delta besides merging the diff from the two Debian revisions into the Ubuntu revision with the delta?
=== alan_g is now known as alan_g|lunch
=== alan_g|lunch is now known as alan_g
=== Pici` is now known as Pici
=== jamespag` is now known as jamespage
[19:34] Hello, how are security issues with Ubuntu universe packages handled?
[20:02] Yawning: anyone can contribute a security fix, and the security team will review and upload it if it is good. But Canonical do not make any commitment for security updates to packages in universe. Some packages in universe are very well maintained security-wise; some aren't.
[20:09] Who should I talk to about https://bugs.launchpad.net/ubuntu/+source/bubblewrap/+bug/1643734
[20:09] Launchpad bug 1643734 in bubblewrap (Ubuntu) "privilege escalation via ptrace (CVE-2016-8659)" [Undecided,Incomplete]
[20:10] the security team told me "make a deb diff"
[20:10] but I use neither debian, nor ubuntu
[20:11] I write software that depends on bubblewrap, that I'd like my users to be able to run on ubuntu, but not enough to learn the intricacies of packaging, basically
[20:13] Zesty has a newer package that contains the security fix
[20:15] Unfortunately you need to know a little about packaging in order to prepare a security update.
[20:15] and I probably need to also use Ubuntu
[20:16] That would be the easiest way, yes. It is possible to do it without Ubuntu but that is non-trivial. You can however easily create a VM or machine container running Ubuntu, so you don't need to reinstall your own machine or anything.
[20:16] yeah
[20:16] Is this documented anywhere?
[20:16] The "debdiff" command produces a debdiff given two source packages. So create a source package with the changes you want to ship to Ubuntu users, and then use "debdiff" to supply what you want changed to the security team.
[20:17] ah
[20:17] Creating a container?
[20:17] https://www.ubuntu.com/cloud/lxd
[20:17] no, I have that, the debdiff part
[20:17] Or https://linuxcontainers.org/lxd/getting-started-cli/
[20:17] so I can diff the new package in zesty, vs the old vulnerable one in yakkety and be done?
[20:18] or is it slightly more involved than that
[20:18] Security updates should apply *only* the security fix required and no other changes.
[20:18] ah
[20:18] so it's like the debian approach
[20:18] ok
[20:18] See https://wiki.ubuntu.com/SecurityTeam/UpdatePreparation for some documentation
[20:20] Ok, thanks, I might do that if I have time, but no promises
[20:23] Sorry for the dumb questions.