16:32 <jdstrand_> #startmeeting
16:32 <meetingology> Meeting started Mon Sep 30 16:32:42 2013 UTC.  The chair is jdstrand_. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:32 <meetingology> 
16:32 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:32 <jdstrand_> The meeting agenda can be found at:
16:32 <jdstrand_> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:32 <jdstrand_> [TOPIC] Weekly stand-up report
16:32 <jdstrand_> I'll go first
16:33 <jdstrand_> I'm in the happy place this week
16:34 <mdeslaur> you do indeed look happy
16:34 <jdstrand_> I'm working on an apaprmor-easyprof-ubuntu upload which should finish out all the policy/reserved vs common policy groups/etc. I'm waiting for bug #1231863 to be fixed before uploading
16:34 <ubottu> bug 1231863 in ubuntu-ui-toolkit (Ubuntu Saucy) "Local Sqlite databases are still created/stored in incorrect location" [Critical,Triaged] https://launchpad.net/bugs/1231863
16:34 <jdstrand_> heh
16:35 <jdstrand_> I also am doing stuff with appstore reviews this week-- various updates for recent changes
16:35 <jdstrand_> including working with SDK team on filing path bugs against apps now that they are fixed
16:36 <jdstrand_> "now that they are fixed" referes to the path bugs being fixed in the sdk
16:36 <sbeattie> \o/
16:36 <jdstrand_> but apps are now broken-- so I am going to enumerate them
16:36 <jdstrand_> also continue various followups on https://bugs.launchpad.net/bugs/+bugs?field.tag=application-confinement bugs
16:37 <jdstrand_> I have some patch piloting to do
16:37 <jdstrand_> and think there is a decent chance I might pick up an update this week
16:37 * jdstrand_ crosses fingers
16:37 <jdstrand_> mdeslaur: you're up
16:37 <mdeslaur> I'm on triage this week
16:37 <mdeslaur> I have a short week as I'm off thursday and friday
16:38 <mdeslaur> I'm about to push out a few USNs
16:38 <mdeslaur> and I have a bunch more in our PPA that are in the testing phase
16:38 <mdeslaur> I may get to a couple more before thursday
16:38 <mdeslaur> that's about it
16:38 <mdeslaur> sbeattie: you're up
16:38 <sbeattie> I'm on apparmor again this week, trying to offload work from jjohansen
16:39 <sbeattie> I'm poking at the very early ipc prototype kernel he got me, now that I finally got it booting :/
16:40 <sbeattie> I also need to followup with jdstrand on the hardware apparmor policy proposal he had made earlier.
16:40 <sbeattie> and I need to track down why the parser commits broke both my jenkins build and the daily apparmor ppa builds
16:40 <tyhicks> uh oh
16:41 <sbeattie> I think it's the newly added dependency on libapparmor for the parser build
16:41 <sbeattie> (but we don't need to solve that here)
16:41 <sbeattie> I think that's it for me; tyhicks, you're up
16:41 <jjohansen> oh, yeah likely, sorry
16:42 <tyhicks> I'm testing dbus, apparmor, and evince uploads that fix several bugs
16:42 <tyhicks> One of the fixes in dbus-daemon looks like it may affect some of the dbus policy in apparmor-easyprof-ubuntu, so I'll need to coordinate w/ jdstrand
16:42 <tyhicks> Then I've got an embargoed issue to work on
16:42 <tyhicks> Then I've got one more dbus bug to fix (bug #1229280)
16:42 <ubottu> bug 1229280 in dbus (Ubuntu) "Eavesdroppers confined with AppArmor can see all method_return and error messages" [High,Triaged] https://launchpad.net/bugs/1229280
16:43 <tyhicks> I think that's it for me
16:43 <tyhicks> jjohansen: you're up
16:44 <jjohansen> I'll be working on more apparmor IPC mediation this week
16:45 <jjohansen> hrmm I think that is about it for me sarnold your up
16:46 <chrisccoulson> jjohansen, oh, i've been looking at your earlier ping
16:46 <jdstrand_> I'm not sure sarnold is here yet. chrisccoulson feel free to go ahead
16:46 <sarnold> (hello :)
16:46 <chrisccoulson> jjohansen, http://hg.mozilla.org/releases/comm-esr24/rev/16e20df57d08 is what removed the ability to set the Follow-Up header
16:47 <chrisccoulson> anyway
16:47 <jjohansen> chrisccoulson: thanks for looking
16:47 <chrisccoulson> this week, i'll hopefully be getting back to my oxide bug / feature list :)
16:47 <jdstrand_> sarnold: ah, didn't see you come in :)
16:47 <sarnold> jdstrand_: heh, that was me coming in :) sorry.
16:47 <jdstrand_> no need to be sorry
16:47 <chrisccoulson> we've got pretty good test coverage for the actual API now, although i'm still adding bits (and fixing bugs as I find them)
16:48 <chrisccoulson> i think that's me done
16:48 <mdeslaur> chrisccoulson: any progress on the nss ftbfs?
16:48 <mdeslaur> although I guess it's a little late now to get it in saucy
16:49 <chrisccoulson> mdeslaur, oh, i need to get back to that. sorry. i've got my pandaboard all set up here again now so I've got a bit more flexibility with the test environment
16:49 <mdeslaur> chrisccoulson: cool, thanks
16:50 <chrisccoulson> i planned to roll back some of the recent updates to see when it fails. the main suspects are gcc, binutils and eglibc, which were all updated since the last time it worked
16:51 * mdeslaur rolls dice
16:51 <mdeslaur> gcc!
16:51 <chrisccoulson> heh
16:52 <chrisccoulson> mdeslaur, it doesn't matter which one it is. they're all doko's packages anyway :)
16:52 <chrisccoulson> that's why i picked them out as suspects ;)
16:52 <chrisccoulson> (just kidding btw)
16:52 <jdstrand_> heh
16:52 <jdstrand_> chrisccoulson: did you have more to report?
16:53 <mdeslaur> hehe
16:53 <chrisccoulson> jdstrand_, no, i'm done
16:53 <jdstrand_> sarnold: you're up
16:53 <sarnold> I'm on community this week, and have two more MIR audits to finish up, MIR and open-vm-tools; I would very much like to do both of them this week, but Mir is a large and complicated codebase, I may not make enough progress to finish both this week.
16:54 <sarnold> s/MIR and/Mir and/
16:54 <sarnold> at least the unity-system-compositor was written in idiomatic c++11, which isn't one of my strong languages, so the going was slower than I'd like.
16:55 <sarnold> but hey I'm getting to learn c++11 while I'm at it, and that's fun. :)
16:55 <sarnold> I think that's it for me, jdstrand_ back to you
16:55 <jdstrand_> :)
16:55 <mdeslaur> sarnold: you've been redefining the word "fun" again, haven't you? :)
16:55 * jdstrand_ hugs sarnold
16:55 <chrisccoulson> sarnold, want to port chromium to c++11?
16:56 <sbeattie> sarnold: when you're done, can you teach me those bits of c++11?
16:56 <sbeattie> mdeslaur: he overloaded the fun operator.
16:56 <mdeslaur> return True;
16:56 <sarnold> mdeslaur: lol :) yes, just operator_fun() { ... } and away you go!
16:56 <sarnold> chrisccoulson: nothanks :)
16:56 <chrisccoulson> heh
16:57 <jdstrand_> [TOPIC] Highlighted packages
16:57 <chrisccoulson> i really want to be able to use final and override
16:57 <jdstrand_> http://people.canonical.com/~ubuntu-security/cve/pkg/argyll.html
16:57 <jdstrand_> http://people.canonical.com/~ubuntu-security/cve/pkg/passenger.html
16:57 <jdstrand_> http://people.canonical.com/~ubuntu-security/cve/pkg/gridengine.html
16:57 <jdstrand_> http://people.canonical.com/~ubuntu-security/cve/pkg/salt.html
16:57 <jdstrand_> http://people.canonical.com/~ubuntu-security/cve/pkg/openswan.html
16:57 <jdstrand_> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:57 <jdstrand_> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:58 <jdstrand_> [TOPIC] Miscellaneous and Questions
16:58 <jdstrand_> Does anyone have any other questions or items to discuss?
17:07 <jdstrand_> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks
17:07 <jdstrand_> #endmeeting