Ubuntu

Finalize new Ubuntu Security Notice format

Registered by Kees Cook on 2009-04-28

Work was done during the last sprint to draw up a potential new USN format that would improve on the existing email and web announcements. This would finalize that work, getting input from the community and other interested parties.

Read the full specification

Blueprint information

Status:: Not started

Approver:: None

Priority:: Undefined

Drafter:: Jamie Strandboge

Direction:: Needs approval

Assignee:: Jamie Strandboge

Definition:: Approved

Series goal:: Proposed for karmic

Implementation:: Deferred

Milestone target:: None

Related branches

Related bugs

Sprints

uds-karmic

Whiteboard

I. Introduction
  A. current format http://www.ubuntu.com/usn/usn-764-1
  B. problems
II. Goals and requirements
  A. target audience
  B. standards
  C. information
  D. website and email
III. Work done (proposed format)
  https://wiki.ubuntu.com/SecurityTeam/Specifications/USNSpec
IV. Remaining items

Security team currently publishes two things:
* USN - goes to mailing list (ubuntu-security-announce@) and is published at ubuntu.com/usn
* changelog - appears (optionally) in Update Manager

A human-readable change description could appear in the Debian .changes field

Format is partly constrained by Opel-compliance, which some governments/organizations care about

do not include severity level at this time, as it is not generally useful
for average users and doesn't work well within update-manager anyway

ACTION: create end-user summary templates and get DUX group to review our templates sample summaries to designers

ACTION: get html going and send the marked up (but not CSSified) files to
designers

DONE: update instruction text (thanks mpt!)

(?)

Work Items

This blueprint contains Public information

Everyone can see this information.

Subscribers

James Troup

Jamie Strandboge

Jonathan Davies

Kees Cook

Marc Deslauriers

Matthew Paul Thomas

Michael Vogt

Taylor Yu