Vulmon
On Tue, Jul 27, 2021, at 11:59 AM, Solar Designer wrote:
How many examples should I provide? The last security patch I did was for
systemd. We have patches on systemd which means we cannot use the Ubuntu
version directly, so when, for example, CVE-2020-13529 and CVE-2021-33910
patches arrived in Ubuntu 21.04 on July 20, 2021, I applied them to our own
fork of systemd for Pop!_OS 21.04 that same day:
- https://launchpad.net/ubuntu/+source/systemd/247.3-3ubuntu3.4
- https://github.com/pop-os/systemd/commit/bf008f836b8740f6634d02526d1f38c98fa6699a
Pop!_OS needs to participate in linux-distros to ensure we have patches ready
for our forks of packages that do not come straight from Ubuntu. I listed the
relevant packages in my original email, many of which we have had to do
security updates for after some embargo lifts, with very little time to prepare.
That would be fine, but I would be curious if there is some reason they have
not been fulfilling this task.
I believe Tyler Hicks is willing to do this.