16:46 #startmeeting 16:46 Meeting started Mon Dec 16 16:46:00 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:46 16:46 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:46 The meeting agenda can be found at: 16:46 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:46 [TOPIC] Announcements 16:46 Due to the EOY leave, the next security team meeting will be 2014/01/06 16:47 [TOPIC] Weekly stand-up report 16:47 I'll go first 16:47 I'm on triage this week 16:47 I'll be here all week this week! 16:47 (try the veal) 16:47 \o/ 16:47 but, I'm off the next two weeks 16:48 slacker 16:48 :) 16:48 hehe 16:48 I've got some pending updates 16:48 and a few work items around apparmor-easyprof-ubuntu that I am working on 16:49 I dug into oxide testing last week and started developing policy for apparmor policy version 1.1 for it 16:49 chris is off til the end of the year, so I'll mention that the packaging is all together for it, and it builds for all archs 16:50 oh, that's awesome :) 16:50 it fails at runtime on armhf which we think is due to a compile-time option surrounding neon 16:50 the navigation api is reviewed and I think will be committed soon 16:51 so it is really coming along. I've got a todo this week to communicate this to other stakeholders (and an oxide meeting too) 16:51 I think that's it for me 16:51 mdeslaur: you're up 16:51 I'm on community this week 16:51 I have a couple of updates pending, I'm in the final stages of testing 16:52 and I'll continue going down the list, as usual. 16:52 that's about it from me 16:52 hrm, sbeattie isn't here 16:52 tyhicks: you're up 16:52 I've got some carry over from last week 16:53 I got hung up for a little too long on an issue where the emulator fails the executable stack test of test-kernel-security.py 16:53 I spent quite a bit of time on it and I've convinced myself that it is an emulator bug because everything works fine on maguro 16:54 ickky 16:54 tyhicks: interesting-- can you file it if you haven't already? it would be good to get the emulator fixed so that other teams don't get tripped up 16:54 I've built final goldfish, manta, and mako kernels and need to do some quick testing and then send off the patches 16:54 jdstrand: sure, that's a good idea 16:54 tyhicks: oh, maguro, interesting-- do we have access to that device on the team? 16:55 jdstrand: ? I've got one 16:55 oh no 16:55 I was wrong about the code name 16:55 I meant grouper 16:55 jjohansen1: ah right, you have nearly everything :) 16:55 ok 16:55 * tyhicks has another shot of coffee 16:55 heh 16:56 after that, I'll be on user data encryption 16:56 jdstrand: no no, please forget I ever mentioned uh, never mind ;) 16:56 well, there is one problem 16:56 I can't test the manta and mako kernels 16:57 but I also don't want to bog down jj 16:57 I think testing in the emulator is sufficient, though 16:57 I have a mako. chris has a manta 16:57 (though chris is off this week) 16:57 tyhicks: if you need me, holler 16:57 all mako and manta get are some backported yama patches since their kernel configs were already hardened correctly 16:57 ok 16:57 I'll think about it some more 16:57 that's it for me 16:57 jjohansen1: you're up 16:59 I'm working on apparmor again this week, I've got some testing work to coordinate with sbeattie around dfa and permission changes, and yes ipc work. 17:00 And I'm fixing another invalidation bug that keeps taking down anything using a compound label 17:00 so files, sockets, ..., stacking pretty much everything 17:00 * jjohansen1 sighs 17:01 :( 17:02 well I think thats it from me, sarnold your up 17:04 I'm in the happy place this week 17:05 I'm all caught up on the apparmor patches (I think) so I'm moving on to the MIR audits, it's amazing how quicklyu they pile up when I'm not looking.. 17:05 yes... 17:05 sounds like it is about time to write some more apparmor patches 17:05 ;) 17:06 hah 17:06 haha :) 17:07 I started reading the developer.ubuntu.com docs last night and found a handful of problems that I'll file some bugreports for.. it's amazing how much is done already :) woo. 17:07 I think that's me covered, jdstrand back to you 17:08 sarnold: are these security bugs or just regular bugs? 17:08 jdstrand: regular bugs :) woot 17:08 ok, good :) 17:08 [TOPIC] Highlighted packages 17:08 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:08 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/rawstudio.html 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/nagstamon.html 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/slim.html 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-passenger.html 17:09 http://people.canonical.com/~ubuntu-security/cve/pkg/autotrace.html 17:09 [TOPIC] Miscellaneous and Questions 17:09 Does anyone have any other questions or items to discuss? 17:09 jdstrand: we need to talk about who is doing watch during the holidays 17:10 mdeslaur: yeah, I added that to my todo this morning 17:10 cool 17:10 mdeslaur: thanks for reminding me 17:14 mdeslaur, tyhicks, jjohansen1, sarnold: thanks! 17:14 #endmeeting