16:33 <jdstrand> #startmeeting
16:33 <meetingology> Meeting started Mon Jun 10 16:33:03 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:33 <meetingology> 
16:33 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:33 <jdstrand> The meeting agenda can be found at:
16:33 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:33 <jdstrand> [TOPIC] Announcements
16:33 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for lucid-precise for xml-light (LP: #1186860). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:33 <ubottu> Launchpad bug 1186860 in xml-light (Ubuntu Precise) "Hash collision vulnerability in xml-light" [Undecided,Fix released] https://launchpad.net/bugs/1186860
16:33 <chrisccoulson> hi!
16:34 <jdstrand> [TOPIC] Weekly stand-up report
16:34 <jdstrand> I'll go first
16:34 <jdstrand> apparently I am in the happy place this week, which I am grateful for :)
16:34 <mdeslaur> :)
16:34 <jdstrand> I'm catching up from being off last week
16:34 <jdstrand> I've got patch piloting to do
16:35 <jdstrand> an embargoed update
16:35 <jdstrand> various reviews and coordination surrounding application isolation, scopes and click packages
16:35 <jdstrand> and I plan to do a preliminary install audit of the phablet image
16:35 <jdstrand> mdeslaur: you're up
16:35 <mdeslaur> I have an openchrome update I'll be releasing this afternoon
16:36 <mdeslaur> and after that, I've got a bunch of stuff ready for testing in the secppa
16:36 <mdeslaur> I'm also on triage duty this week
16:36 <mdeslaur> that's pretty much it...updates as usual :)
16:36 <mdeslaur> sbeattie: you're up
16:36 <sbeattie> I'm again on apparmor this week
16:37 <sbeattie> I'm currently working on the apparmor/sdk work in the https://blueprints.launchpad.net/ubuntu/+spec/security-s-appisolation-sdk
16:38 <jdstrand> sbeattie: how is that going?
16:38 <sbeattie> I've uploaded some of the easyprof policy group stuff to the dbus-dev ppa, along with versions of the calculator and calendar app that make use of them
16:38 <jdstrand> ah, cool
16:38 <mdeslaur> oh, cool
16:38 * jdstrand makes note to play with that this week
16:38 <sbeattie> I'm still working on getting json input to easyprof going and am continuing to look at what the click package emits
16:39 <sbeattie> I think there's an apparmor upstream meeting this week that I need to prep for
16:39 <sbeattie> oh, I should note that after this week, I'm off for two weeks
16:39 <sbeattie> That's it for me.
16:40 <jdstrand> sbeattie: wrt click> maybe ask beuno/cjwatson?
16:40 <sbeattie> jdstrand: sure, I've been playing around with the source a bit
16:40 <sbeattie> tyhicks: you're up
16:41 <jdstrand> sbeattie: also, for clarity (since I've been off a week and still catching up), you're still going to work with debhelper correct?
16:41 <tyhicks> I'm (finally) finishing my email to the apparmor list to compare the various dbus syntax proposals
16:41 <sbeattie> jdstrand: yes. I didn't do that in the bits I uploaded.
16:41 <tyhicks> I got sidetracked last week while chasing down some odd things I came across while preparing a profile for that email
16:42 <jdstrand> sbeattie: ok, thanks. I think that shouldn't be too bad. we (you, me, mdeslaur) can talk more if anything is unclear
16:42 <jdstrand> tyhicks: please continue (sorry to interrupt)
16:42 <mdeslaur> oh! forgot to mention I also plan on installing ubuntu on my nexus 4 this week
16:42 <tyhicks> later today, I'll start prepping for my work items in https://blueprints.launchpad.net/ubuntu/+spec/client-1305-content-mgmt-picking
16:43 <tyhicks> I'll begin work on that blueprint this week
16:43 <tyhicks> and will continue working on the parser changes in the background
16:43 <tyhicks> that's it for me
16:43 <tyhicks> jjohansen: you're up
16:44 <mdeslaur> tyhicks: fyi, tvoss mentioned possibly having a command line first draft of that api this week
16:44 <tyhicks> mdeslaur: ok, that would be good
16:44 <jdstrand> tyhicks: also note, that the meeting is early tomorrow
16:44 <jdstrand> tyhicks: did anything happen with rescheduling that
16:44 <mdeslaur> I guess we'll find out more at tomorrow's meeting
16:44 <tyhicks> jdstrand: no, I'm going to give it a shot for a week or two
16:45 <tyhicks> if it kills me, I'll push for a reschedule
16:45 <tyhicks> I think I'll be fine
16:45 <jdstrand> tyhicks: sorry about that, but I appreciate it
16:45 <tyhicks> no problem
16:45 <jdstrand> I think jjohansen is afk atm
16:45 <tyhicks> oh, yes
16:45 <mdeslaur> tyhicks: please don't die
16:45 <jdstrand> sarnold: you're up
16:45 <tyhicks> :)
16:46 <sarnold> I'm on community this week; I'll also be reviewing some patches I expect from jjohansen soon. I'd like jdstrand or mdeslaur's help in pushing the openssl zlib environment variable to a -proposed for wider testing before pushing to the archive
16:46 <mdeslaur> sarnold: ah! yes, cool
16:46 <mdeslaur> sarnold: can I try and push what's in the ppa now?
16:46 <sarnold> my bouncycastle test suite is starting to feel like there's something to it :) I've got symmetric ciphers and their modes of operations working; I can see adding assymetric ciphers and then finally some high level TLS servers/clients
16:46 <jdstrand> sarnold: just put it in the ubuntu-security-proposed ppa and ping me to push it to -proposed when ready
16:46 <sarnold> mdeslaur: yes
16:47 <sarnold> jdstrand: it's already in the security ppa; would it need to be rebuilt in ubuntu-security-proposed before it could be pushed?
16:47 <mdeslaur> sarnold: nope
16:47 <jdstrand> sarnold: no, I can do it from there too
16:48 <mdeslaur> jdstrand: let me try first
16:48 <sarnold> ah, cool :)
16:48 * jdstrand defers to mdeslaur
16:48 <sarnold> okay, I think that's me, chrisccoulson, you're up :)
16:49 <chrisccoulson> thanks sarnold
16:50 <chrisccoulson> so, last week, i pretty much finished off fleshing out the architecture for our chromium embedding api (tentatively named "oxide", thanks to mdeslaur) ;)
16:50 <chrisccoulson> i have a pretty good idea of how much work is involved now
16:50 <jdstrand> tyhicks: (fyi, please feel free to poke me if I don't respond to your apparmor policy email-- I'd like to get those discussions moving and completed)
16:50 <tyhicks> jdstrand: ack - same here
16:50 <chrisccoulson> and i've actually created a project branch locally to start some hacking on it :)
16:50 <jdstrand> chrisccoulson: nice!
16:50 <mdeslaur> chrisccoulson: oh, cool...looking forward to discussion that with you
16:51 <chrisccoulson> this week, i've got an embargoed update to do
16:52 <chrisccoulson> i think that's me (other than that update, i'll be continuing work on https://blueprints.launchpad.net/ubuntu/+spec/client-1303-webkit-maintenance/)
16:52 <jdstrand> [TOPIC] Highlighted packages
16:52 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:53 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/boinc.html
16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/iscsitarget.html
16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-openid.html
16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/charybdis.html
16:53 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/bcron.html
16:53 <jdstrand> [TOPIC] Miscellaneous and Questions
16:53 <jdstrand> Does anyone have any other questions or items to discuss?
16:57 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
16:57 <jdstrand> #endmeeting