Ubuntu CVE Tracker

Merge ubuntu-cve-tracker:ros-esm into ubuntu-cve-tracker:master

  1. Git
  2. lp:ubuntu-cve-tracker
  3. ros-esm
  4. Merge into master
Proposed by Florencia Cabral
Status: Merged
Merged at revision: a1d32602a4acd516c9ee139cf9248a1ac3b1413d
Proposed branch: ubuntu-cve-tracker:ros-esm
Merge into: ubuntu-cve-tracker:master
Diff against target: 31 lines (+13/-1)
2 files modified
README.ros-esm (+12/-0)
scripts/cve_lib.py (+1/-1)
Reviewer Review Type Date Requested Status
Eduardo Barretto Approve
Review via email: mp+428989@code.launchpad.net

Commit message

Add README.ros-esm, edit EOL tag for ROS ESM distros

Description of the change

* Add README.ros-esm with guidance on handling ROS ESM CVEs.
* Edit to scripts/cve_lib.py: change ROS Kinetic (Xenial) to non-EOL.

To post a comment you must log in.
Revision history for this message
Eduardo Barretto (ebarretto) wrote :

A few comments, let me know what you think

Revision history for this message
Eduardo Barretto (ebarretto) wrote :

LGTM

review: Approve
Revision history for this message
Eduardo Barretto (ebarretto) wrote :

is this going to be merged?

Preview Diff

[H/L] Next/Prev Comment, [J/K] Next/Prev File, [N/P] Next/Prev Hunk
1diff --git a/README.ros-esm b/README.ros-esm
2new file mode 100644
3index 0000000..53d43f5
4--- /dev/null
5+++ b/README.ros-esm
6@@ -0,0 +1,12 @@
7+ROS ESM
8+-------------------------
9+The Robotics team maintains the ROS (Robot Operating System) ESM as a separate service from regular ESM. For more details on ROS ESM, you can visit its wiki page: https://wiki.canonical.com/UbuntuEngineering/Security/ROS-ESM/
10+
11+Currently, ROS ESM supports two distros: ROS Kinetic, for Ubuntu Xenial, and ROS Melodic, for Ubuntu Bionic.
12+
13+To determine the package you’re working on is a ROS ESM package, please refer to the list of supported packages for ROS Kinetic ('ros-esm-xenial-kinetic-supported.txt') and ROS Melodic ('ros-esm-bionic-melodic-supported.txt').
14+
15+How to proceed?
16+
17+If a CVE affects a ROS ESM package, just notify the Robotics team via Mattermost (https://chat.canonical.com/canonical/channels/robotics), and leave its status as 'needs-triage'.
18+
19diff --git a/scripts/cve_lib.py b/scripts/cve_lib.py
20index fe8e4f5..5433765 100755
21--- a/scripts/cve_lib.py
22+++ b/scripts/cve_lib.py
23@@ -182,7 +182,7 @@ subprojects = {
24 "description": "Available with UA ... https://ubuntu.com/advantage",
25 },
26 "ros-esm/kinetic": {
27- "eol": True,
28+ "eol": False,
29 "packages": ["ros-esm-xenial-kinetic-supported.txt"],
30 "name": "Ubuntu 16.04 ROS ESM",
31 "codename": "Xenial Xerus",

Subscribers

People subscribed via source and target branches