16:31 <jdstrand> #startmeeting
16:31 <meetingology> Meeting started Mon Oct 21 16:31:38 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology> 
16:31 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:31 <jdstrand> The meeting agenda can be found at:
16:31 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31 <jdstrand> [TOPIC] Announcements
16:31 <jjohansen> \o
16:32 <jdstrand> Ubuntu 13.10 is released. Thanks to everyone who contributed to Ubuntu security for the Saucy Salamander!
16:32 <jdstrand> [TOPIC] Weekly stand-up report
16:32 <jdstrand> I'll go first
16:32 <jdstrand> I'm in the happy place this week
16:32 <jdstrand> I'll be attending a sprint next week and need to prepare for it
16:33 <jdstrand> part of that is preliminary planning for 14.04 and 14.10
16:33 <jdstrand> I'll also patch pilot
16:33 <jdstrand> and have several pending updates I am working on
16:33 <jdstrand> mdeslaur: you're up
16:33 <mdeslaur> I'm on triage this week
16:33 <mdeslaur> am currently publishing eglibc updates
16:34 <mdeslaur> and will work on some other things before the sprint I'm attending next week
16:34 <mdeslaur> that's it form me
16:34 <mdeslaur> sbeattie: you're up
16:34 <sbeattie> I'm on apparmor this week
16:34 <sbeattie> I'm still working on IPC tests amongst other things there
16:35 <sbeattie> I need to finish up the new release tasks
16:35 <sbeattie> I suspect I'll be discussion 14.04 and 14.10 plans
16:35 <sbeattie> that's it for me; tyhicks, you're up
16:36 <tyhicks> I'm in the middle of looking into how kdbus can work for AppArmor and other LSMs, in general
16:36 <tyhicks> I need a little more time with that
16:36 <tyhicks> I have a small amount of eCryptfs maintainership stuff that I need to catch up on
16:37 <tyhicks> and I hope to pitch in on the IPC work
16:37 <tyhicks> that's it for me
16:37 <tyhicks> jjohansen: you're up
16:39 <jjohansen> I will be working on apparmor ipc again this week, I'll be coordinating with tyhicks and sbeattie. I am sure we will do a little preplanning for 14.04/14.10 and I also have to push up the patches I have queue for 3.13
16:39 <jjohansen> I think that is it for me, sarnold your up
16:40 <sarnold> I have one more MIR to finish -- I didn't get it done in time for including in images :( but I've made a lot of progress on it, and I'd like to finish it off before moving on
16:41 <mdeslaur> sarnold: any idea when that'll be?
16:41 <mdeslaur> just curious
16:41 <sarnold> mdeslaur: I expect it by the end of the day.
16:41 <mdeslaur> ok, cool
16:41 <sarnold> mdeslaur: most of the code quality is quite good, I just need to determine if the authentication on the magic backdoor method is strong enough
16:42 <mdeslaur> haha, that doesn't sound promising
16:42 <sbeattie> hah
16:42 <sarnold> since the magic backdoor is in vmware's hypervisors, I don't have any visibility on how well they filter it out from network traffic that might be used by other VMs or hosts or other hosts on the network, so I'd like to make sure the guests look defensive enough on their own without any help from the hypervisor.
16:42 <mdeslaur> Now with Magic Backdoor(tm) technology!
16:43 <sarnold> ITYM "lower costs of maintenance" or something. hehe. :)
16:43 <mdeslaur> hehe
16:43 <sarnold> anyway, I expect to pick up an update or two this week, depending upon which ones specifically. :) \o/
16:43 <mdeslaur> w00t! :P
16:44 <sarnold> yeah, it's about time you had some help. :)
16:44 <sarnold> oof :)
16:44 <sarnold> that's me :) chrisccoulson, your turn
16:44 <mdeslaur> hehe
16:44 <chuck_> gna!
16:44 <chrisccoulson> this week, i'm working on bug 1214049
16:44 <ubottu> bug 1214049 in Oxide "Support accelerated compositing" [High,Triaged] https://launchpad.net/bugs/1214049
16:45 <chrisccoulson> it turns out that this is required to make viewport mode work (which is required for a useful mobile browser), as page scaling is completely broken in the non-accelerated rendering path
16:46 <mdeslaur> cool
16:46 <chrisccoulson> but once that's done, we're a step closer to being able to start migrating the touch browser across
16:46 <mdeslaur> oh, sweet
16:46 <jdstrand> chrisccoulson: did you have a chance to look at packaging at all yet?
16:46 <chrisccoulson> i plan to spend a day getting all of the firefox builds working again this week too, as they've been neglected a bit recently
16:46 <chrisccoulson> and there's a release next week :)
16:47 <chrisccoulson> jdstrand, not yet. i can do that after this bug though
16:47 <jdstrand> chrisccoulson: cool-- I'm going to try to drum up some help for you next week, and I think that might be helpful
16:47 <chrisccoulson> thanks
16:48 <jdstrand> chrisccoulson: any new on chromium-browser?
16:48 <jdstrand> news*
16:48 <chrisccoulson> heh, not yet. i'll ping chad again in a bit
16:48 <jdstrand> thanks
16:50 <jdstrand> chrisccoulson: did you have anything else to report?
16:50 <chrisccoulson> jdstrand, oh, sorry. no, i'm done :)
16:50 <jdstrand> [TOPIC] Highlighted packages
16:50 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:50 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:50 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-actionmailer-3.2.html
16:50 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/exif.html
16:50 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/geshi.html
16:51 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/squidclamav.html
16:51 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/tpp.html
16:51 <jdstrand> [TOPIC] Miscellaneous and Questions
16:51 <jdstrand> fyi, I blogged about some of the good work you guys did in 13.10
16:52 <jdstrand> which included a light primer on dbus policy
16:52 <jdstrand> Does anyone have any other questions or items to discuss?
16:52 <mdeslaur> jdstrand: nice blog post!
16:52 <jdstrand> thanks!
16:53 <jdstrand> (the blog post as about application confinement only)
16:53 <jdstrand> if people haven't read chrisccoulson's post on oxide, it is excellent: http://www.chriscoulson.me.uk/blog/?p=196
16:54 <mdeslaur> yes, nice blog post chrisccoulson!
16:55 <chrisccoulson> heh :)
16:55 <chrisccoulson> thanks
16:59 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks!
16:59 <jdstrand> #endmeeting