Distro security updates in Launchpad

Registered by Adam Conrad

At present, due to soyuz being "not quite there yet" as far as supporting security embargos and other fun stuff, we use a hideous hack involving uploading security uploads to a katie instance, then publishing them to soyuz when we do the release announcement.

This spec should discuss, among the soyuz team and the security team, what precisely needs to be addressed and tested in soyuz so that we can ditch the above hack and move to using soyuz directly for security. Not only will this drastically reduce complexity, but it has the added bonus of giving me my buildds back. :)

Blueprint information

Celso Providelo
Needs approval
Julian Edwards
Pending Approval
Series goal:
Accepted for 2.1
Milestone target:
Started by
Julian Edwards
Completed by
Julian Edwards


Julian 2008-04-28 - Ready to roll once IS implements RT #30241
Julian 2008-03-20 - Beta available on dogfood
Julian 2007-11-26 - Waiting for private PPA infrastructure, which will be used to implement the embargoed archive.
Julian 2007-07-30 - Once Soyuz commercial repo is implemented (which introduces multiple archives per distro), we can write a tool that copies packages across archives, in this case from "embargoed" to "primary".
sabdfl 30/06/06 this is important but does not trump PPA's, reducing to High priority
malcc 5/11/06: Re-opening for discussion at MTV.
kamion 2006-11-08: review OK
cprov 2007-08-20: will be implemented in 1.1.9 after having Commercial-Repo (and its infrastructure in place).

mdz 2006-11-09: says in one place that the publishing may or may not be handled by the security script, then later that it will be. Please clarify.

malcc 2006-11-09: clarified to say it won't be; there's a future issue already listed for changing it so that it will be.


Work Items

Dependency tree

* Blueprints in grey have been implemented.