16:31:25 <jdstrand> #startmeeting
16:31:25 <meetingology> Meeting started Mon Apr 15 16:31:25 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31:25 <meetingology> 
16:31:25 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:31:48 <jdstrand> The meeting agenda can be found at:
16:31:49 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31:59 <jdstrand> [TOPIC] Announcements
16:32:02 <jdstrand> (none this week)
16:32:10 <jdstrand> [TOPIC] Weekly stand-up report
16:32:13 <jdstrand> I'll go first
16:32:24 <jdstrand> I'm on community this week
16:33:07 <jdstrand> I have more requirements gathering, planning and communications of our plans to do
16:33:17 <jdstrand> I also have to finish up performance reviews
16:33:26 <jdstrand> there are a couple audits to finish
16:33:43 <jdstrand> and I will be working on two embargoed updates
16:34:49 <jdstrand> that's it for me
16:34:52 <jdstrand> mdeslaur: you're up
16:34:59 <mdeslaur> I'm in the happy place this week
16:35:08 <jdstrand> you bet you are! :P
16:35:13 <sbeattie> hehe
16:35:13 <mdeslaur> and I only have two days...wednesday I'm on vacation
16:35:18 <mdeslaur> jdstrand: hehe :)
16:35:35 <mdeslaur> (on vac until the 29th
16:35:55 <mdeslaur> I'm currently writing a test script for haproxy, which I'll likely release this afternoon or tomorrow
16:36:09 <mdeslaur> and am working on an embargoed issue to hand off to one of the non-vacationing suckers
16:36:18 <mdeslaur> and, that's it from me.
16:36:20 <mdeslaur> sbeattie: you're up
16:36:23 <jdstrand> fyi, I forgot one-- hope to do install audits this week too
16:36:33 <sbeattie> ah cool
16:36:46 <sbeattie> I'm working on apparmor work items again this week.
16:37:25 <sbeattie> I'm continuing to write some example clients for confinement, wrote a couple of qml demos last week.
16:37:40 <sbeattie> will need to put some automation around them as well.
16:37:52 <mdeslaur> sbeattie: could you stick those in a bzr tree somewhere?
16:38:09 <jdstrand> sbeattie: re automation, what are you thinking, for automatic testing?
16:38:34 <sbeattie> jdstrand: yeah, for automatic testing, as much as possible.
16:38:49 <sbeattie> drag-n-drop stuff may be harder to automate.
16:39:08 <sbeattie> mdeslaur: https://code.launchpad.net/~sbeattie/+junk/apparmor-examples
16:39:18 <jdstrand> sbeattie: cool-- though aiui, having automatic testing is not in scope for this month per se.
16:39:26 <mdeslaur> sbeattie: ah! cool
16:39:53 <jdstrand> sbeattie: obviously we want it-- what are you thinking about in terms of scheduling that work?
16:40:28 <sbeattie> jdstrand: uhh, hadn't really decided on anything concrete for schedule.
16:40:34 <jdstrand> ok
16:40:55 <sbeattie> jdstrand: was expecting to coordinate that with you/the team
16:41:10 <jdstrand> sbeattie: basically my questons are coming from the palce of 'let's focus on what we said we would focus on, but if we have to adjust, let's talk about it'
16:41:15 <sbeattie> okay
16:41:25 <jdstrand> so yeah, talking later is fine
16:41:44 <sbeattie> anyway, that's pretty much it for me.
16:41:59 <sbeattie> tyhicks: you're up
16:42:09 <tyhicks> I'm working on https://blueprints.launchpad.net/ubuntu/+spec/security-1304-appisolation-dbus this week
16:42:23 <tyhicks> Still wrapping up the dbus parser tests item
16:42:42 <tyhicks> Last week while writing parser tests, I ran across some parser bugs
16:42:59 <tyhicks> Those are fixed now and I'm back to improving the tests
16:43:27 <tyhicks> then I'll move on to "dbus daemon - regression tests" and then to "dbus daemon, pass labeling info on messages so security context can be queried by recipient"
16:43:53 <tyhicks> eCryptfs prep work for the kernel merge window stole some time from me last week but that is now all done
16:44:06 <tyhicks> so my sole focus will be on aa work items this week
16:44:07 <sbeattie> tyhicks: did you push your tests anywhere?
16:44:31 * jdstrand is happy to hear that we are finding and fixing bugs when writing our tests :)
16:44:38 <sbeattie> indeed!
16:44:54 <tyhicks> sbeattie: not yet, when I fully complete that work item the tests will live in the apparmor package of the dbus-dev ppa
16:45:18 <sbeattie> tyhicks: okay, just wondered if you wanted any feedback/review of them...
16:45:42 <tyhicks> I also did a lot of work (still pending upload) on fixing up the patches in the dbus-dev apparmor package so that the patches will be easier to send upstream
16:45:56 <tyhicks> sbeattie: I will want some feedback for sure. I'll send them to the list.
16:46:01 <tyhicks> that's it for me
16:46:05 <tyhicks> jjohansen: you're up
16:46:16 <sbeattie> tyhicks: thanks
16:46:25 <jjohansen> I'll be continuing to work on https://blueprints.launchpad.net/ubuntu/+spec/security-1304-appisolation-signals-ipc-ptrace
16:46:25 <jjohansen> Mostly it should be work around sockets (labeling, passing them, etc)
16:46:25 <jjohansen> I will also need to spend some time pushing some patches to the upstream security tree so they are there for when the merge window opens
16:46:57 <jdstrand> tyhicks: regarding upstreamifying-- is that DBus upstreaming, apparmor, kernel, or some combination?
16:47:24 <jjohansen> jdstrand: kernel - ecryptfs work
16:47:31 <tyhicks> jdstrand: apparmor
16:47:49 <jjohansen> tyhicks: oh?
16:48:21 <tyhicks> the patches against the apparmor package were piling up and it was going to be a pain to get them all in order and broken down for upstreaming
16:48:21 <jdstrand> tyhicks: as in, making them easily digestible for the list?
16:48:26 <tyhicks> jdstrand: exactly
16:48:38 <tyhicks> just a little tidying up before things got too ugly
16:48:41 <jjohansen> ah
16:49:38 <jdstrand> jjohansen: curious-- what are you snding to the upstream security tree?
16:50:16 <jjohansen> jdstrand: about the first 20 patches from the queue that have been reviewed. Its all the base code cleanups and bug fixes
16:50:26 <jdstrand> neat
16:51:13 <jjohansen> sarnold: your up
16:51:23 <sarnold> I'm on triage this week
16:51:50 <sarnold> I'm finishing up curl publication today, and I'm liable to ask jdstrand if I can take one of his MIR audits
16:52:23 <sarnold> I'd like to get around to fixing up my juju charms, but that might take a back burner again to doing another update
16:52:42 <mdeslaur> sarnold: if you're up to a challenge, you can try and take the bouncycastle update
16:52:47 <jdstrand> sarnold: actually one is a MIR audit (ie, not security audit) and the other I'm putting in that category-- it is about the scopes privacy
16:52:48 <mdeslaur> sarnold: java backporting fun
16:52:55 <sarnold> mdeslaur: that -is- a challenge :)
16:53:09 <jdstrand> sarnold: actually, it might not be a bad idea to get some help there
16:53:10 <sarnold> .. with all the goodness of inexplicable crypto goo :)
16:53:15 <jdstrand> sarnold: but we'll talk later
16:53:42 <sarnold> cool :)
16:54:02 <sarnold> chrisccoulson: your turn :)
16:54:09 <chrisccoulson> yoyoyo
16:54:20 <chrisccoulson> i got a flash update out last week
16:54:48 <chrisccoulson> also fixed an arm crash in chromium (waiting on testing feedback from the ufa guys, but it works here)
16:55:03 <chrisccoulson> fixed https://bugzilla.mozilla.org/show_bug.cgi?id=858670, which appeared in the ff20 update
16:55:04 <ubottu> Mozilla bug 858670 in Extension Compatibility "crash in uGlobalMenuObject::ShouldShowIcon with GlobalMenu on Ubuntu" [Critical,New]
16:55:38 <chrisccoulson> https://bugzilla.mozilla.org/show_bug.cgi?id=858782 also appeared, but i've no idea what is happening there. if any of you use google docs and can recreate it, please let me know ;)
16:55:39 <ubottu> Mozilla bug 858782 in Extension Compatibility "crash in uGlobalMenuDocListener::DoHandleMutations with GlobalMenu on Ubuntu" [Critical,New]
16:56:37 <chrisccoulson> did a bit more with chromium automated testing. discovered that gtest can already  produce junit formatted test results, which is a great help
16:57:22 <chrisccoulson> i'll hopefully be done with updates / chromium etc this week, so i can start on other things i'm meant to be looking at :)
16:57:32 <jdstrand> nice
16:57:36 <jdstrand> (junit)
16:57:53 <jdstrand> well all of it, but you know, that goes for everyone :)
16:58:22 <chrisccoulson> yeah, unfortunately, i discovered it created junit results after i started writing code to parse the results and convert them ;)
16:58:28 <chrisccoulson> (like we're doing for firefox already)
16:59:17 <jdstrand> heh
16:59:27 <jdstrand> chrisccoulson: did you have more?
16:59:38 <chrisccoulson> no, that's me done i think
16:59:56 <jdstrand> chrisccoulson: (fyi, since you're last, you can say 'back to you jdstrand or something :)
17:00:05 <chrisccoulson> sure, no problem
17:00:07 <jdstrand> [TOPIC] Highlighted packages
17:00:10 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:00:15 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:00:22 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html
17:00:25 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/jenkins-winstone.html
17:00:29 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html
17:00:32 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/spice-gtk.html
17:00:35 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg.html
17:00:55 <jdstrand> [TOPIC] Miscellaneous and Questions
17:01:10 <jdstrand> I have one for several of you
17:01:40 <jdstrand> based on what was said in this meeting, I have a good feeling about progress for the month
17:01:58 <jdstrand> however, if I look at http://status.ubuntu.com/ubuntu-raring/canonical-security-ubuntu-13.04-month-6.html I have a less good feeling
17:02:15 <jdstrand> so, I guess, now that we are 2 weeks in to this month, how are the work items going? Are we 50% done? are there problems?
17:02:52 <jdstrand> jjohansen: ^ we talked about this a bit last week, so afaik, we are slightly behind but aren't worried on our timeline for this month. is that accurate?
17:03:03 <jjohansen> yes
17:03:04 <jdstrand> jjohansen: (talking about your work items specifically)
17:03:21 <tyhicks> I'm not 50% done, but I also haven't been able to spend 100% of my time on the work items
17:03:33 <tyhicks> I will be able to for the remainder of the month
17:03:43 <tyhicks> and I'm confident that I can knock off all of my work items by then
17:03:50 <jdstrand> tyhicks: right..
17:03:52 <jdstrand> ah, ok
17:04:00 <jdstrand> sbeattie: how about you? ^
17:04:18 <sbeattie> sorry, I'm notorious for not updating my workitem entries.
17:04:50 <jdstrand> well, I was going to end with 'Please update your work items' :)
17:04:58 <sbeattie> heh
17:05:12 <sbeattie> but yeah, feeling pretty confident about where things are at.
17:05:20 <jdstrand> sbeattie: but in a less burndown chart way: are you on track for your work items for the month?
17:05:22 <tyhicks> forgetting to update the entries is better than not having any updates to make ;)
17:05:31 <jdstrand> tyhicks: yes!! :)
17:05:38 <jdstrand> sbeattie: awesome
17:05:40 <mdeslaur> hehe
17:06:14 <jdstrand> jjohansen, tyhicks, sbeattie: if you could update this month work items sometime today, that would be great
17:06:21 <sbeattie> okay
17:06:23 * tyhicks nods
17:06:29 <jdstrand> Does anyone have any other questions or items to discuss?
17:17:46 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
17:17:49 <jdstrand> #endmeeting