16:42 <jdstrand> #startmeeting
16:42 <meetingology> Meeting started Mon Dec  9 16:42:55 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:42 <meetingology> 
16:42 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:42 <tyhicks> hello
16:42 <jdstrand> The meeting agenda can be found at:
16:42 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:43 <jdstrand> [TOPIC] Announcements
16:43 <jdstrand> Thanks to Ritesh Khadgaray (ritz) for providing preliminary patches for pixman for precise-saucy (LP: #1197921). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:43 <ubottu> Launchpad bug 1197921 in xorg-server (Ubuntu Saucy) "LibreOffice spreadsheet causes full Xorg crash with Anti-Aliasing enabled" [Undecided,New] https://launchpad.net/bugs/1197921
16:43 <jdstrand> [TOPIC] Weekly stand-up report
16:43 <jdstrand> I'll go first
16:43 <jdstrand> I'm in the happy place this week
16:44 <jdstrand> I've got another short week
16:44 <jdstrand> I'm working on some pending updates
16:44 <jdstrand> I've also got some apparmor-easyprof-ubuntu work items to do to unblock mardy
16:44 <jdstrand> and more 14.04 planning
16:44 <jdstrand> mdeslaur: you're up
16:44 <mdeslaur> I'm on triage this week
16:44 <mdeslaur> and have just published gimp updates
16:45 <mdeslaur> I have a few more updates I'm working on
16:45 <mdeslaur> and am still going down the list, etc.
16:45 <mdeslaur> that's it from me, sbeattie, you're up
16:46 <tyhicks> I don't think he's here so I'll go ahead
16:46 <tyhicks> I'm still hardening the goldfish kernel config
16:47 <tyhicks> I need to investigate one test failure when running test-click-apparmor.py on goldfish with apparmor enabled
16:47 <tyhicks> After that, I'll prepare apparmor and dbus uploads to add support for an 'eavesdrop' permission (all of the code is already written)
16:47 <tyhicks> Then I'll start on the user data encryption work items
16:47 <tyhicks> that's it for me
16:47 <tyhicks> jjohansen: you're up
16:48 <tyhicks> oh, I know he's not here today
16:48 <tyhicks> sarnold: you're up
16:49 <sarnold> I'm on community this week
16:49 <sarnold> I'll be going through some apparmor patches, I know there's still a few left on the list that I haven't reviewed yet
16:49 <sarnold> and I'll be handling some MIR audits
16:50 <tyhicks> there's not many patches left - thanks for reviewing so many last week :)
16:50 <sarnold> I think that's it for me, chrisccoulson, you're up :)
16:50 <sarnold> woo :)
16:50 <chrisccoulson> hi :)
16:50 <chrisccoulson> this week, i've got firefox and thunderbird updates
16:50 <chrisccoulson> and going to get chromium out too
16:51 <chrisccoulson> also, trying to get oxide to build successfully on arm, which is proving to be less fun than i imagine ;)
16:51 <chrisccoulson> **imagined
16:51 <jdstrand> chrisccoulson: is is more gyp-finagling?
16:51 <jdstrand> s/is is/is it/
16:51 <chrisccoulson> jdstrand, out of memory when linking
16:51 <sarnold> owwwww
16:51 <chrisccoulson> i'm currently trying a build with gold
16:52 <chrisccoulson> i have another option if that fails
16:52 <jdstrand> classic
16:52 <chrisccoulson> heh
16:52 <chrisccoulson> so it's going to be a busy last few days for me before i finish for christmas
16:52 <jdstrand> curious that we can get chromium to build but not oxide
16:53 <chrisccoulson> jdstrand, we do a component build of chromium, which carves up all of the modules in to lots of small libraries
16:53 <jdstrand> is chromium-browser doing anything special to work around that?
16:53 <chrisccoulson> it's really only a developer option
16:53 <jdstrand> I see
16:53 <chrisccoulson> and also, the blink debug symbols are disabled
16:53 <chrisccoulson> we need cross builds ;)
16:53 <chrisccoulson> anyway, i think that's me done
16:54 <jdstrand> if your remainging to options don't work, perhaps talk to slangasek (or infinity) on options?
16:54 <jdstrand> s/remainging to/remaining two/
16:55 <chrisccoulson> jdstrand, the component build option would work, although i'd need to make some changes to oxide to support that
16:55 <jdstrand> that sounds like it would be quite a bit more work
16:55 <jdstrand> I thought all this was supposed to be fixed with the new armhf boxes...
16:55 <sarnold> armhf isn't 64 bit :/
16:55 <mdeslaur> chrisccoulson: are we getting a chromium-browser release this week?
16:56 <chrisccoulson> yeah, that's the main problem
16:56 <chrisccoulson> mdeslaur, yeah
16:56 <mdeslaur> chrisccoulson: oh, sorry, didn't see that comment above
16:56 <jdstrand> well, neither is the i386 buildd
16:57 <jdstrand> or am I missing something?
16:58 <jdstrand> chrisccoulson: ^
16:58 <chrisccoulson> jdstrand, not sure. perhaps the linker on arm just uses more memory?
16:59 <mdeslaur> perhaps the builders have less ram?
16:59 <jdstrand> ok, well, I think it might make sense to talk to some arm buildd experts before going the component build route (if we are facing that)
16:59 <chrisccoulson> sure
16:59 <jdstrand> mdeslaur: that is what I thought, which is why I thought this was all fixed with the new armhf boxes
16:59 <mdeslaur> they doubled from "almost none" to "slightly more" I believe :)
16:59 <jdstrand> maybe the buildd that is getting assigned isn't a new one. infinity could definitely answer those questions
17:00 <jdstrand> anyhoo
17:00 <jdstrand> let's move on
17:00 <jdstrand> TOPIC] Highlighted packages
17:00 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:00 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/haskell-tls-extra.html
17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/webfs.html
17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html
17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/xine-ui.html
17:00 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnome-shell.html
17:01 <jdstrand> [TOPIC] Miscellaneous and Questions
17:01 <jdstrand> Does anyone have any other questions or items to discuss?
17:03 <tyhicks> It looks like bug #1158500 is something that we'll need to address
17:03 <ubottu> bug 1158500 in audit (Ubuntu) "auditd fails to add rules when used in precise with -lts-quantal kernel" [Undecided,New] https://launchpad.net/bugs/1158500
17:03 <tyhicks> especially now that audit is in main
17:04 <slangasek> chrisccoulson: "we need cross-builds" - cross-building chromium-browser should work, it's just not a complete analogue to what you get with a native build (so won't let you debug all native build failures)
17:04 <tyhicks> I'm not going to have the cycles to look into it this week, but it is something that will need to be thought out in time for trusty
17:04 <sarnold> tyhicks: oww :/
17:04 <mdeslaur> tyhicks: I think that would be a kernel team issue, no?
17:04 <tyhicks> mdeslaur: possibly
17:05 <mdeslaur> tyhicks: I'd attempt tricking them into taking it first :P
17:05 <mdeslaur> oh wait, universe, it's community supported
17:06 <tyhicks> mdeslaur: it was universe for precise
17:06 <mdeslaur> yep
17:06 <tyhicks> mdeslaur: it will be in main for trusty, which will have the same problem
17:06 <mdeslaur> how so?
17:07 <tyhicks> lts kernel updates will cause the syscall table to be updated
17:07 <mdeslaur> oooh, yeah, point the kernel team at it then
17:07 <mdeslaur> it just needs a rebuild?
17:07 <tyhicks> I don't know
17:08 <tyhicks> I'm not sure where it gets the syscall table from
17:08 <mdeslaur> ok
17:08 <jdstrand> if it gets a rebuild, would that break the release kernel?
17:09 <tyhicks> I'd think so
17:09 <jdstrand> yikes
17:09 <jdstrand> tyhicks: can I add a work item for you to followup with the kernel team on the bug?
17:09 <tyhicks> jdstrand: sure
17:09 <jdstrand> tyhicks: then we can go from there on who does what
17:11 <jdstrand> I imagine we would handle it similarly to the xorg stack
17:11 <jdstrand> (ie different packages to go with that kernel)
17:11 <jdstrand> but I don't know what that would look like
17:12 <mdeslaur> yeah, I think they already have a list of packages they need to update/repackage, so that would need to be added
17:12 <tyhicks> ah, I didn't realize that was a possibility
17:13 <jdstrand> mdeslaur, tyhicks, sarnold, chrisccoulson: thanks!
17:13 <jdstrand> #endmeeting