data-platform team mailing list archive

Thread
Date

Data Platform PPAs inclusion request accepted

To: Michelle Tabirao <michelle.tabirao@xxxxxxxxxxxxx>, data-platform@xxxxxxxxxxxxxxxxxxx, mykola.marzhan@xxxxxxxxxxxxx
From: Emilia Torino <emilia.torino@xxxxxxxxxxxxx>
Date: Tue, 16 Apr 2024 17:56:24 -0300
Autocrypt: addr=emilia.torino@xxxxxxxxxxxxx; keydata= xsFNBGVosNEBEADnJ7DhUsHpJwqS7EJBB2bCLs4AjuWr3GIfmKnOYYjMzCJ1nA9kRv/x+JJk /ZRXIgTjnuaQLeCazvtMuls/v74Xu41C8ZXCBRpEVU07G94bbmTS1t0kTtNlq8XwHPcyFhsM I+Gi0qEFMMb5rZsnBBQOMGz8kR18UBW768atunqN8+jQ/kdH4M9RYssHq9v6NQ1FWTZ6RjN4 b7+mRy3uQXk2kqkZg/CqKVcEy6DXQUyw9MTtJd8XCRE29OXYrWIv+Dkve6W0ybxvH6YpR8ID E6s1rZ6tPzLqoEFcGO7CegLA8Ii+5uotWpTc0VAx/ojaHoYBWkiQk3hQ3h5UH+selsDwviuj vFYgMngC0Yie8SIBECKxuVrGB118022X701s4Y7jhJO5f8FZxeoI9NMs0DwwN7LQQtKwIOG5 BO885756H/bz4m8FYRZoefxsKjZ+AB+fHHdlGJMolFzme4eZKp0479dxdXdrP4pUQLV/S6Cx 13bljGgZQDgc6KhzoYnr6CMC0LSHfMnfagsUDvteTyJJZNcBpLamXfhcsvb2alub8FM/mvVu AEWrRoTVWIPehXAwPPbYpi18V+efTvwh7EFcBOqzFUYCMKl0Hm1fUCavMu3NefOMNbWDF9Kt MEJIBW7eRBOSVJPNtP2HmphR7FnpjUiX+RLKigXL2FdLjnxZewARAQABzTFNYXJpYSBFbWls aWEgVG9yaW5vIDxlbWlsaWEudG9yaW5vQGNhbm9uaWNhbC5jb20+wsGUBBMBCgA+FiEEGANt Tph7xyUlwU9XWhiR06yeES4FAmVosNECGwMFCQWjmoAFCwkIBwIGFQoJCAsCBBYCAwECHgEC F4AACgkQWhiR06yeES7XXQ/+J+IpOOCKlbxnaJ+/yEE5G8ZIqgS6rvhtDAFCqmJ8lN3ntvso ZoOzNz9P0jIsTxsmaYivgXzbVtvAK9IjX5X0Z+FSBa22nkTmSQSK+yK/s/OZbZ015KIundU4 zm1bIaltTC3L8KyciLmuKrNiCF/IL85oO+DBiTcDhTDglrI9QJCQ9hX5quf4IFJAAhHIOTuB Jfb1UcVjg2UbYdqMlqhLm8STweEu1EaUqfoYaYT92tsoUqAgIXt+Lv0Zsy+qEl8nqWHh/FE5 Xy4iDTya4ML6SmpQITsPPVZ0syLa7cXvMMJYxuFibxxh7scdZNv38MXBjKAykCfIw7Wa4TwH kcinuw4Nvs04ipwXkMyeoTHmftHLUNa9feefIcfx8OrZoVqhOcghZFbDxd6FqfLdEDuAL48G d9X2MW+V8DpP6pHrnOzid480Xywy0Io/Dm+v08Kn0QP7Q2zBN+qp0gqzZYOpCdROglAdMp07 mKqTkw9rySArZqHa4OWi7lIK88Bw4pIVQI+5+0LU0mRAIxb84v68hU6Ld00SGURyHtowVNGW OSLllQhObpXwtmq16yT/cQEpoic6qyte1Gow+Auk0izJeExisFX3MwDtYFh+8BEyK5pqEVwG D8udbHUHobA9+ABLbj+tW5KkyNURt55kpxRVOmA5Q/BpWEE7kUZXUxlz2ZLOwU0EZWiw0QEQ AKkFX1OyUnCyTMiar5DqiECrKNnc2sodACXN0/nyw6XfinTDgXEl0te6OpLQHjYD30Oe7Q6b WJG0ssmavfukylzFY4GMLkhaueFQrVWIUCr0k+R4C7Q6zqkBuNLZc08YvtdvMoA37W18I0V+ z0OpsEY2H+k12M4A/7fGaAwPyYYVGtxNhFE3QtmxwQrcB2njUgvz7Zkgi++Kzr4lKM4Dbwz2 HlFo18Rd4SLpR5fvIQnFU+pwuCkNSXDuJsOooBVbv/wmoUhVwBLSXuWS9bc0616GpVoHObnl qQcuxqWJ5fhU0fjx1E3tKTQlZzmatRY0KD7IEbyNCF/UyRFoqe1qZroGJUIP0CI2cebuyAEe eekbPWFHrfQJwijN+JLJjBo097igf/EPKZ0e9d3plggHyyPVogaEoYn5MpaiAA2b/krCZO2i +jdNn5pWB2Sc60FbDoIIMQGG8NP2VxIQwxCK6J7oaH/SMYhDEqbJy8nQWAl9+BawY41VsjrR nFoVC6MMkzU6p8c4hNFH12m6BZ0hVP0Z3rPaZtQku7Rc5Mp3/94R0Sn5GyB4c0s8JCh+FNeo PBPHqjm7MCcV+Te5FmrbeeTE1uzKn+943X1aE/sou/jMFIcflAlJ45Rc48RZP/Mhq/5ltlHp Th0eZzVcRJWd4uzv+e7Ye+Pu15T7NuXilC1fABEBAAHCwXwEGAEKACYWIQQYA21OmHvHJSXB T1daGJHTrJ4RLgUCZWiw0QIbDAUJBaOagAAKCRBaGJHTrJ4RLrTzEACG600CVaL0iDQDPsZk mCOLqXFQ20aQGIPJduml9kTfs24oH5bBK4je3g2HqqGOZaTf2Ia3zk5flKkuj+SxKXVfqsUc Et3Hseo9mKEwA363M26iVRCISfjFjKmnXKD7k8EUhHSNSvup91AfzEKatbx7MJw1yd0oij9q tutxijeO7vJlyxqANnc8VQImffwXpS1kQOoY3Ge+ZvGCacSPTbVQMaY38YlJB76KKqDPahCW ayCcwO2Cg3fgo/OFEd21kYNv8C3g9L3Wyl/0+l6ExUFi0WROkH48tubjH1Zl1ipG4LC9azU9 W030SxyF5vGKdc9kGiu6qDc9OXBT53BUMb+oxrDOLOJb9FzynCw7UcH6ALN4Zo+cdEd26sjs CWR30t9i+RLoC/hpo8KJcIFfeFiyE0XcjYoH/aHSizb7KFMQfIlqfGV1HWHBHcXhIPV9cmHD FU4k85SpzNBLW2qz9Z2JDg872WGZOnhcLWI7FYnUwG3ZJM8PZrxJ2FcTkA6h+u3xbc8E+NW7 g2GUdbnNbLRqYZIPSYfj3NMxClB48LEcFRP7KIfwBdUFiI5DE4QCvmv4FVb6sZRidpqj329q ZWgOlTBfQOscZHy8CkJyuWhSoX08brERSj4akSpPLhwbOaLLH/CrUNq2c0hZ3Y40ErsADjm+ nDqfJs/fMJw/Af2j3g==
Cc: Alex Burrage <alex.burrage@xxxxxxxxxxxxx>, Tom Martin <tom.martin@xxxxxxxxxxxxx>, customer-ppa-security-crew@xxxxxxxxxxxxxxxxxxx, Mauricio Oliveira <mauricio.oliveira@xxxxxxxxxxxxx>, rob.gibbon@xxxxxxxxxxxxx
User-agent: Mozilla Thunderbird

Hi Michelle,

Thanks for requesting the inclusion of the charmed-mongodb,mongodb-exporter and percona-backup-mongodb PPAs. We would like toconfirm that the request has been accepted and the details has beenadded to the tracking repository:


charmed-mongodb

* Project details:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-charmed-mongodb/project.yml* Configuration details:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-charmed-mongodb/config.yml

* Release specific details:
  - Ubuntu 22.04:

> supported packages:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-charmed-mongodb/jammy-supported.txt


mongodb-exporter

* Project details:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-mongodb-exporter/project.yml* Configuration details:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-mongodb-exporter/config.yml

* Release specific details:
  - Ubuntu 22.04:

> supported packages:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-mongodb-exporter/jammy-supported.txt


percona-backup-mongodb

* Project details:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/project.yml* Configuration details:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/config.yml

* Release specific details:
  - Ubuntu 22.04:

> supported packages:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/jammy-supported.txt

  - Ubuntu 23.10:

> supported packages:https://git.launchpad.net/ubuntu-security-customer-ppa-tracking/tree/data-platform-percona-backup-mongodb/mantic-supported.txt

You and other indicated points of contact have been added as subscribersto this repository. If changes are required in the future, pleaserequest them by creating a merge proposal in Launchpad.

But as mentioned in the other email thread, we still need clarificationsfor the items below:

- Support until 2032: upstream EOD is 31-Jul-2025 for Percona Server forMongoDB 6.0 3 and TBD for Percona Backup for MongoDB as perhttps://www.percona.com/services/policies/percona-software-support-lifecycle.The security team usually doesn't support packages versions after theirEOL (e.g. OpenJDK or MySQL). It seems this is already committed, so weexpect the data platform team to assist our work after EOLs since theyare more familiar with the packages and their internals. We will discussthis further with Alex Burrage, but did not want to block this requestfor longer.

- ESM Support: We are assuming the expectation is to have ESM stylesupport: available critical, high, and selected medium CVE fixes. Pleaselet us know otherwise.

- Package updates delivery path/processes: can you please explain how weshould propose/upload patches? Should we follow any special versioningscheme? Should we use the PPAs packages are copied from? (e.g.https://launchpad.net/~taurus/+archive/ubuntu/test-psmdb6).

- Git repository: https://launchpad.net/~data-platform was indicated. Wedon't see git repositories there, only PPAs. It is fine if the team doesnot work with git. But asking just in case.

- Architectures: The security team does not yet have special hardware totest, so we only build/test on amd64. I see some packages are built oni368 and it is expected to support ARM7 in 24.04. The data platform teamwill need to assist with this.

- Percona Server MongoDB version: The PPA is at version 6.0.6-5, butthere are newer 6.0.x upstream versions athttps://github.com/percona/percona-server-mongodb. It was indicated thatin 24.04 a minor version upgrade will be available. Will the existingone for jammy gonna be upgraded or even maintained? The more we deviatefrom upstream on their versions, the more complicated the backports can be.

- golang-1.21: Any reason to not use the archive version that we shouldbe aware?



Mauricio/Tom: Do you have any support further question?


From this moment on, the PPA is being monitored by the Ubuntu Security
and SEG teams. For security related questions or issues, please join the

~Security-engineering mattermost channel or write tosecurity-crew@xxxxxxxxxxxxxxxxxxx.For support questions please join the ~Canonical Support channel, andfor SEG (Sustaining Engineering Group/team) questions please join the

~Sustaining Engineering channel.

In case of regressions detected with a bug-fix provided by SEG, please
create a case in the support portal (see ‘Canonical Staff Help Desk

Support’ in the [New StarterTasks](https://sites.google.com/a/canonical.com/about-canonical/home/new-starter-tasks)page).