| === chris14_ is now known as chris14 | ||
| === JanC_ is now known as JanC | ||
| UnivrslSuprBox | What was the (potentially compiler?) bug that required the world to be rebuilt post-patch, causing Launchpad to be unusable for weeks during mitigation? That I can't remember it very well makes me think it happened mid-late 2020, but I'm not sure. Anyone else remember? | 14:25 |
|---|---|---|
| === sdeziel_ is now known as sdeziel | ||
| mdeslaur | Doesn't ring a bell, sorry | 14:45 |
| UnivrslSuprBox | Hmm. Maybe the scope was smaller, like the Security team wanting the build machines to be patched with it before anything else. The major strokes I remember are Launchpad's builder network being blocked for a long time and many package rebuilts. | 14:55 |
| mdeslaur | we may have had a compiler issue in the dev release, or a last-minute change to how a new arch was being built, but I don't track the dev release that closely | 15:05 |
| UnivrslSuprBox | Hmm. Might it have been the aftermath of https://ubuntu.com/security/CVE-2020-13844 ? Was a large part of the archive rebuilt for it? | 15:18 |
| -ubottu:#ubuntu-security- Arm Armv8-A core implementations utilizing speculative execution past unconditional changes in control flow may allow unauthorized disclosure of information to an attacker with local user access via a side-channel analysis, aka "straight-line speculation." <https://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2020-13844> | 15:18 | |
| mdeslaur | we've never done an archive rebuild for a security issue before in the stable releases | 15:24 |
| mdeslaur | as far as I can remember | 15:24 |
| mdeslaur | the biggest I can remember is when we rebuilt a hundred packages or so for a golang issue | 15:25 |
| amurray | UnivrslSuprBox: there have been issues in the past (usually hardware speculative execution vulns etc), where we have wanted them deployed to the LP builders etc quickly, so that they are not susceptible to attack from malicious uploads etc - but I don't recall having to then rebuild-the-world as a result | 19:56 |
| === sdeziel_ is now known as sdeziel | ||
Generated by irclog2html.py 2.7 by Marius Gedminas - find it at mg.pov.lt!