unpackaged kernels need duplicated review process
| Affects | Status | Importance | Assigned to | Milestone | |
|---|---|---|---|---|---|
| Canonical System Image |
Confirmed
|
Undecided
|
Unassigned | ||
Bug Description
we do not have a kernel package in the archive for the phone products (which causes lots of problems for people wanting to just quickly build a kernel module following the normal ubuntu cross compile guides for kernels)
these kernels do not get the typical regular set of reviews from the different ubuntu teams they would get were they in the archive (which already made us miss license issues).
the current kernel config we are shipping has no modules enabled and does not include all kernel options a typical ubuntu kernel would have.
we ship apps in the rootfs that rely on certain features in ubuntu kernels, so if we do not want a kernel package, we need to make sure that a parallel review process from the different teams gets established to make sure the shipped kernels get the neccesary (and regular) license, security and config reviews in the different distro teams.
this specific bug is tiggered by the fact that we ship ufw in preparation of confining app network access, but do not ship any firewall capabilities in the phone kernels at all... see bug 1440310
we need:
* regular review by the security team
* regular config review by the kernel team: our userspace is rolling and apps might change expectations for generically enabled config and features, our kernel needs to be kept in sync with this.
* license reviews for new incoming kernels (usually done by the archive admins, but we do not have a package)
| Changed in canonical-devices-system-image: | |
| assignee: | nobody → John McAleely (john.mcaleely) |
| status: | New → Confirmed |
| Changed in canonical-devices-system-image: | |
| assignee: | John McAleely (john.mcaleely) → nobody |
