16:33 <mdeslaur> #startmeeting
16:33 <meetingology> Meeting started Mon Jun  3 16:33:08 2013 UTC.  The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:33 <meetingology> 
16:33 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:33 <mdeslaur> chrisccoulson: wake up
16:33 <chrisccoulson> hi :)
16:33 <mdeslaur> The meeting agenda can be found at:
16:33 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:33 <mdeslaur> [TOPIC] Announcements
16:33 <mdeslaur> Thanks to Christian Kuersteiner (ckuerste) who provided debdiffs for precise-raring for xmp (LP: #1182769)
16:33 <mdeslaur> Thanks to Christian Kuersteiner (ckuerste) who provided debdiffs for quantal for tomcat6 (LP: #1166649)
16:33 <mdeslaur> Thanks to Thomas Ward (teward) who provided debdiffs for precise-raring for nginx (LP: #1182586)
16:33 <mdeslaur> Thanks to Rohan Garg (rohangarg) who provided debdiffs for precise-raring for kde4libs (LP: #1178286)
16:33 <ubottu> Launchpad bug 1182769 in xmp (Ubuntu) "Buffer Overflow in MASI loader" [Undecided,Fix released] https://launchpad.net/bugs/1182769
16:33 <mdeslaur> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:33 <ubottu> Launchpad bug 1166649 in tomcat6 (Ubuntu Saucy) "Multiple open vulnerabilities in tomcat6 in quantal" [Undecided,Fix released] https://launchpad.net/bugs/1166649
16:33 <ubottu> Launchpad bug 1182586 in nginx (Ubuntu Raring) "CVE-2013-2070: nginx proxy_pass buffer overflow vulnerability" [Medium,Fix released] https://launchpad.net/bugs/1182586
16:33 <ubottu> Launchpad bug 1178286 in kdelibs "Security advisory from KDE upstream" [Medium,Fix released] https://launchpad.net/bugs/1178286
16:33 * mdeslaur slaps ubotty
16:34 <mdeslaur> [TOPIC] Weekly stand-up report
16:34 <mdeslaur> I'll go first
16:34 <mdeslaur> I'll be testing the zillion X updates this week
16:34 <mdeslaur> and that's about it
16:34 <mdeslaur> I'm on community too
16:34 <mdeslaur> sbeattie: you're up
16:34 <sbeattie> I'm focusing on apparmor stuff again this week
16:35 <sbeattie> Specifically https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-sdk
16:35 <sbeattie> I'm currently hacking on the aa-easyprof bits
16:35 <sbeattie> that's pretty much it for me.
16:35 <sbeattie> tyhicks: you're up
16:35 <tyhicks> I'm working on https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-dbus
16:36 <tyhicks> This week, I plan on having all of the work items done except for the items related to pushing everything to the archive
16:36 <tyhicks> There's also some minor cleanup and finishing touch type stuff that I'll end up doing to the dbus and apparmor patches
16:36 <tyhicks> That's it for me
16:36 <tyhicks> jjohansen: you're up
16:37 <jjohansen> I'm focused on apparmor stuff as well
16:38 <jjohansen> I'm still poking around for the correct bp so I'll just skip pasting that and say, its the continuation of the ipc work
16:38 <mdeslaur> jjohansen: I have "signals and bits for IPC" and "extended conditionals" in last weeks meeting log
16:38 <mdeslaur> jjohansen: is it a continuation of that?
16:39 <jjohansen> mdeslaur: yep
16:39 <mdeslaur> cool
16:40 <jjohansen> that and I'll get the latest patchset out for more review
16:40 <jjohansen> sarnold: your up
16:40 <sarnold> I'm on triage on this week
16:40 <sarnold> I'll also be poking at trying to unbreak the boucycastle test suite, or steal portions of it, for QRT
16:41 <mdeslaur> sarnold: what's the status of your openssl updates?
16:41 <sarnold> I'm not sure why I've been met with such failure trying to use the test suite, but I presume it's partly my fault for not 100% grokking modern java
16:42 <sarnold> mdeslaur: at least saucy will need re-doing, I think there's a new version pushed into the archive in the meantime; I also need to ask your help in preparing updates for security-proposed or something to get testers first..
16:42 <sarnold> .. at least, I think I'd really rather have feedback from users before pushing it to everyone
16:42 <sarnold> granted, fedora's been using it for a few months, but perhaps their knowledge of hwat broke isn't logged in their bug report. :)
16:42 <mdeslaur> sarnold: is it in the PPA yet?
16:42 <sarnold> mdeslaur: no
16:43 <mdeslaur> sarnold: ok, please create a tracking bug, and make sure the bug # is in the changelog before uploading
16:43 <sarnold> mdeslaur: okay
16:43 <mdeslaur> sarnold: so people know where to go if there's an issue in -proposed
16:43 <sarnold> mdeslaur: do I then just upload to the usual ppa once that's done?
16:44 <mdeslaur> sarnold: yes, as -security, and then we'll get an AA to pocket-copy it to -proposed
16:44 <mdeslaur> (perhaps I can already do that, need to check)
16:44 <sarnold> mdeslaur: cool, thanks :)
16:44 <mdeslaur> sarnold: you done?
16:45 <sarnold> mdeslaur: how much time do you think I should spend on trying to revive the bouncy castle tests before writing a handful of much less comprehensive tests myself?
16:45 <mdeslaur> sarnold: half a day?
16:45 * mdeslaur shrugs
16:45 <sarnold> mdeslaur: cool, thanks. now done :)
16:45 <sarnold> chrisccoulson: you're up :)
16:46 <mdeslaur> chrisccoulson: dude, wake up
16:46 <sbeattie> mdeslaur: he's gotta finish his beer first.
16:47 <mdeslaur> ok, I'll mark down "web-y browser thingies"
16:48 <mdeslaur> [TOPIC] Highlighted packages
16:48 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:48 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/bip.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/openswan.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/exif.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/ibm-3270.html
16:48 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/php-mail.html
16:48 <chrisccoulson> oops, sorry, was just finishing up dinner ;)
16:48 <mdeslaur> chrisccoulson: hrm, sorry about the meeting being so late for you
16:48 <chrisccoulson> that's ok
16:49 <mdeslaur> chrisccoulson: maybe we should get you to go first next time
16:49 <mdeslaur> chrisccoulson: what are you working on this week?
16:50 <chrisccoulson> this week, i'm still working on client-1303-webkit-maintenance. i've been fleshing out architecture diagrams for the last few days. hopefully they'll be in a good enough state for me to make public on google docs this week
16:50 <mdeslaur> cool
16:50 <chrisccoulson> and then we'll have a good idea of what work needs to happen :)
16:51 <mdeslaur> awesome
16:51 <mdeslaur> chrisccoulson: done?
16:52 <chrisccoulson> mdeslaur, yeah. there aren't any updates planned this week :)
16:52 <mdeslaur> oh, good
16:52 <mdeslaur> [TOPIC] Miscellaneous and Questions
16:52 <mdeslaur> Does anyone have any other questions or items to discuss?
16:53 <mdeslaur> Thanks everyone!
16:53 <mdeslaur> #endmeeting