#title #ubuntu-meeting Meeting

Meeting started by jdstrand at 18:00:50 UTC.  The full logs are
available at
http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-01-23-18.00.log.html
.



== Meeting summary ==

''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting   (jdstrand, 18:01:01)
 *Review of any previous action items

 *Announcements

 *Weekly stand-up report

 *Highlighted packages
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mpack.html   (jdstrand, 18:18:05)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/torque.html   (jdstrand, 18:18:09)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/torcs.html   (jdstrand, 18:18:12)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/open-vm-tools.html   (jdstrand, 18:18:16)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libsdp.html   (jdstrand, 18:18:19)

 *Miscellaneous and Questions
''LINK:'' https://wiki.ubuntu.com/UbuntuDeveloperWeek/Timetable   (micahg, 18:20:50)
''ACTION:'' sbeattie to follow up on qrt bugs from QA team  (jdstrand, 18:34:53)



Meeting ended at 18:38:42 UTC.



== Votes ==




== Action items ==

 * sbeattie to follow up on qrt bugs from QA team



== Action items, by person ==

 * sbeattie
 ** sbeattie to follow up on qrt bugs from QA team



== People present (lines said) ==

 * jdstrand (59)
 * mdeslaur (25)
 * sbeattie (24)
 * jjohansen (10)
 * tyhicks (10)
 * micahg (9)
 * meetingology (4)
 * Gnostus_ (3)
 * ubottu (2)



== Full Log ==


 18:00:50 <jdstrand> #startmeeting

 18:00:50 <meetingology> Meeting started Mon Jan 23 18:00:50 2012 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/AlanBell/mootbot.

 18:00:50 <meetingology> 

 18:00:50 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired

 18:01:01 <jdstrand> The meeting agenda can be found at:

 18:01:01 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting

 18:01:01 <mdeslaur> hi!

 18:01:04 <jdstrand> [TOPIC] Review of any previous action items

 18:01:32 <Gnostus_> Morning everyone!

 18:01:36 <jdstrand> Happy new year and welcome to our first meeting this year :)

 18:01:41 <mdeslaur> \o/

 18:01:53 <jjohansen> \o

 18:01:58 <sbeattie> heya

 18:02:06 <jdstrand> [TOPIC] Announcements

 18:02:06 <tyhicks> o/

 18:02:16 <Gnostus_> :)

 18:02:22 <jdstrand> Thanks to Mahyuddin Susanto (udienz) for his help on security updates for the community supported lighttpd (LP: #906792), cacti (LP: #906773) and squid3 (LP: #907690) packges on lucid and higher over the last weeks.

 18:02:27 <jdstrand> Also would like to thank Ante Karamati? (ivoks) for providing a debdiff for lucid for phpmyadmin (LP: #913846)

 18:02:35 <jdstrand> Thank you to Harald Jenny (harald-a-little-linux-box) for providing a debdiff for hardy for openswan (LP: #917754)

 18:02:46 <jdstrand> All of your work is very much appreciated and will keep Ubuntu users secure. Great job! :)

 18:02:56 <jdstrand> [TOPIC] Weekly stand-up report

 18:03:02 <jdstrand> I'll go first

 18:03:19 <jdstrand> I should have a short week this week, with friday off

 18:03:25 <jdstrand> I'm on triage

 18:03:39 <jdstrand> I also have several pending updates that should go out today and tomorrow

 18:04:02 <jdstrand> I've got a bit more archive admin work to catch up on (did some this weekend, but not caught up yet)

 18:04:16 <jdstrand> I also have a number of MIR audits I need to process

 18:05:21 <jdstrand> I'll get to work items as I have time. I have an initial implementation of aa-easyprof, but need to write tests for it, upstream it and get it into the packaging

 18:05:35 <jdstrand> I think that is it from me

 18:05:38 <jdstrand> mdeslaur: you're up

 18:05:48 <mdeslaur> I'm in the happy place this week

 18:05:57 <mdeslaur> I have an embargoed security issue to test

 18:06:07 <mdeslaur> and I plan on working on a couple of embargoed security bugs

 18:06:19 <mdeslaur> and have another set of embargoed updates to test too

 18:06:21 <mdeslaur> and

 18:06:27 <mdeslaur> embargoed embargoed blah blah embargoed

 18:06:34 <jjohansen> :)

 18:06:34 <mdeslaur> that's it from me

 18:06:41 <mdeslaur> sbeattie: you're up

 18:06:42 <jdstrand> lots of embargoed stuff lately...

 18:07:21 <sbeattie> I'm on community this week

 18:07:33 <sbeattie> I have an openjdk regression update to publish

 18:07:54 <sbeattie> I'm also working on glibc and openssl updates

 18:08:29 <sbeattie> I need to poke at the maverick-proposed gdb package I built on lucid for an escalated support issue

 18:08:43 <jdstrand> sbeattie: that openjdk regression is the one that slangasek and doko were talking about?

 18:08:53 <sbeattie> Yes

 18:09:01 <jdstrand> sbeattie: awesome. thanks for that

 18:09:05 * jdstrand hugs sbeattie

 18:09:17 <Gnostus_> :)

 18:09:17 <sbeattie> I verified that it fixes the specific regression, I just need to generally test and publish

 18:09:59 <sbeattie> I also need to get back to my apparmor work items, and perhaps help jj get a 2.7.1 release out the door.

 18:10:08 <sbeattie> I think that's it for me.

 18:10:15 <sbeattie> micahg: poke

 18:11:50 <micahg> I have to finish testing the rapid release migration for Firefox 9 for lucid/maverick and migrate that to updates, another round of chromium upload to proposed this week, patch pilot, and hopefully make some headway on webkit before the next round of mozilla updates come

 18:12:21 <micahg> tyhicks: tag

 18:12:33 <tyhicks> I'm in the happy place this week

 18:13:08 <tyhicks> I hope to have a full week, but I am selected as an alternate juror, so we'll see

 18:13:33 <tyhicks> I have been focusing on upstream eCryptfs kernel bugs and got those patch sets out to the appropriate lists last week for comment

 18:13:49 <tyhicks> I've got 1 small revision that I need to do and then I want to turn my focus to my update queue

 18:14:12 <tyhicks> That will likely be the ruby update, first

 18:14:33 <tyhicks> I think that is it for me

 18:14:37 <tyhicks> jjohansen: you're up

 18:14:46 <jjohansen> I need to catch up on my USN publications from being sick at the end of last week

 18:14:46 <jjohansen> and then do some testing on the fix for the /proc/pid/mem issue instead of the revert that we used as the emergency fix

 18:14:46 <jjohansen> I need to push out the apparmor 2.7.1 release before it gets any bigger (thanks for all the bug fixes)

 18:14:46 <jjohansen> and I need to finish up on the mount rules for apparmor so people can test them

 18:15:34 <jjohansen> oh and I should poke at a couple of ecryptfs patches

 18:15:45 <jjohansen> that is review them

 18:15:53 <jjohansen> I think that is it from me

 18:16:09 <tyhicks> jjohansen: I've gotten some review, so don't spend a lot of time on those patches

 18:16:35 <tyhicks> (but a review would be great :)

 18:16:41 <jjohansen> tyhicks: oh nice, I haven't gotten as far as even seeing if you had review, just saw them in my in box

 18:17:42 <jdstrand> [TOPIC] Highlighted packages

 18:17:53 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.

 18:17:57 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.

 18:18:05 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mpack.html

 18:18:09 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/torque.html

 18:18:12 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/torcs.html

 18:18:16 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/open-vm-tools.html

 18:18:19 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsdp.html

 18:18:27 <jdstrand> [TOPIC] Miscellaneous and Questions

 18:18:34 <micahg> o/

 18:19:16 <jdstrand> As jjohansen alluded to, people are talking quite a bit about the recent /proc/<pid>/mem handling in the kernel.

 18:19:16 <jdstrand> We have released an emergency update today (http://www.ubuntu.com/usn/usn-1336-1/)

 18:19:16 <jdstrand> micahg: go ahead

 18:19:45 <micahg> so, dholbach is looking for speakers for UDW and I thought it might be nice if someone gave a talk on helping with security updates

 18:20:04 <micahg> the timeslots are 30 minutes each

 18:20:21 <jdstrand> micahg: when is it?

 18:20:29 <micahg> Jan 31 - Feb 2 IIRC

 18:20:50 <micahg> https://wiki.ubuntu.com/UbuntuDeveloperWeek/Timetable

 18:20:53 <jdstrand> istr someone from the team doing this once before

 18:21:17 <jdstrand> does someone have an already prepared presentation they could use?

 18:23:10 <jdstrand> well, we can discuss that later

 18:23:16 <jdstrand> micahg: noted

 18:23:26 <jdstrand> Does anyone have any other questions or items to discuss?

 18:23:38 <sbeattie> o/

 18:24:12 <jdstrand> sbeattie: go ahead

 18:24:30 <sbeattie> nuclearbob proposed a couple of additional tags for qrt in bug 913818 and bug 913812, and I wanted to get the team's opinions on them

 18:24:32 <ubottu> Launchpad bug 913818 in QA Regression Testing "Proposal for tag to indicate conflicting dependencies" [Undecided,Opinion] https://launchpad.net/bugs/913818

 18:24:33 <ubottu> Launchpad bug 913812 in QA Regression Testing "Flag for tests not applicable to current series" [Undecided,Opinion] https://launchpad.net/bugs/913812

 18:25:02 <sbeattie> one is to indicate that the packages from one test-script will conflict if installed with the packages from another test script

 18:25:48 <sbeattie> and the other is to indicate a specific release that a test script is deprecated, because the package has been pulled from the archive or for some other reason.

 18:26:09 <jdstrand> the latter seems totally fine

 18:26:32 <jdstrand> the former seems like a maintainence issue. I guess the idea is so that a test environment can be reused?

 18:26:38 <sbeattie> I guess

 18:27:39 <jdstrand> QRT-Isolation

 18:27:57 <jdstrand> hmm

 18:28:08 <mdeslaur> aren't qrt tests supposed to be run in a clean environment?

 18:28:24 <jdstrand> ideally, yes

 18:28:35 <mdeslaur> I don't like QRT-Isolation, but am fine with the other one

 18:28:37 <jdstrand> that is not enforced, just what we encourage

 18:28:49 <sbeattie> mdeslaur: I think the thinking is to run as many in a clean environment if they don't conflict/interfere, to reduce the cost of spinning up umpteen vms

 18:28:58 <micahg> do the packages conflict or the tests?  if it's the packages, we should enforce this at the package manager level if appropriate

 18:29:21 <mdeslaur> micahg: the packages, and it is already handled fine by the package manager

 18:29:38 <micahg> ok, good :)

 18:29:54 <jdstrand> micahg: well, I think a level higher would probably be easier for the framework to handle

 18:29:59 <sbeattie> micahg: I think the packages enforce it, but e.g. the install-packages script is designed around a single test script situation

 18:30:10 <mdeslaur> so, QRT-Isolation would just be a tag to say that test needs to be run by itself?

 18:30:45 <mdeslaur> ie: we don't need to specify conflicts and stuff manually with that tag?

 18:31:17 <sbeattie> mdeslaur: hold on, lemme look at the bzr branch he submitted

 18:31:30 <jdstrand> if that is the case, that seems ok

 18:31:43 <mdeslaur> yeah, if it's just adding the tag, then I'm fine with it

 18:31:53 <mdeslaur> also, does the QRT-Deprecated tag specify a release?

 18:32:21 <jdstrand> as an aside, I just realized I am not getting qrt bug mail. I'm guessing our team should probably be getting that. shall I set it up that way?

 18:32:33 <mdeslaur> jdstrand: sure

 18:33:35 <sbeattie> mdeslaur: hrm, his bug proposes QRT-Isolation, but the branch submitted uses QRT-Conflicts and specificies individual test scripts.

 18:33:58 <mdeslaur> sbeattie: yeah, that's what I don't want...as I have no way of maintaining a QRT-Conflicts tag

 18:34:00 <sbeattie> (branch is at https://code.launchpad.net/~nuclearbob/qa-regression-testing/max-changes ; I've already merged the bits not related to those two bugs)

 18:34:04 <jdstrand> QRT-Conflicts sounds messy. QRT-Isolation seems ok

 18:34:16 <jdstrand> my 2 cents

 18:34:16 <sbeattie> Okay, let's follow up in the bug report

 18:34:25 <sbeattie> I can take that action

 18:34:49 <mdeslaur> ah, he's conflicting packages

 18:34:53 <jdstrand> [ACTION] sbeattie to follow up on qrt bugs from QA team

 18:34:53 * meetingology sbeattie to follow up on qrt bugs from QA team

 18:34:54 <mdeslaur> wait a sec, that's not too bad

 18:35:56 <sbeattie> mdeslaur: well, that's sort of capturing redundant info from the package manager

 18:36:08 <mdeslaur> sbeattie: yeah

 18:36:34 <jdstrand> and surely different releases will have different conflicts

 18:36:36 <sbeattie> anyway, I think we've flogged this enough and can move on

 18:36:41 <mdeslaur> ok

 18:37:17 <jdstrand> any other questions or items to discuss?

 18:38:22 <mdeslaur> nope!

 18:38:24 <mdeslaur> :)

 18:38:38 <jdstrand> mdeslaur, sbeattie, micahg, tyhicks, jjohansen: thanks!

 18:38:42 <jdstrand> #endmeeting



Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/AlanBell/mootbot)