16:38 <jdstrand> #startmeeting
16:38 <meetingology> Meeting started Mon Jan 27 16:38:51 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:38 <meetingology> 
16:38 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
16:38 <jdstrand> The meeting agenda can be found at:
16:38 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:39 <jdstrand> [TOPIC] Announcements
16:39 <jdstrand> Thanks to the following people thanks for help on security updates since the last meeting: Johan Van de Wauw (tamrat) provided debdiffs for precise-saucy for mapserver (LP: #1267616), Thomas Ward (TheLordOfTime) provided debdiffs for raring for znc (LP: #1268658), Felix Geyer (debfx) provided debdiffs for Precise, Quantal, Saucy for quassel (LP: #1255362). Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:39 <ubottu> Launchpad bug 1267616 in mapserver (Ubuntu Saucy) "Possible SQL Injections with postgis TIME filters" [Medium,Fix released] https://launchpad.net/bugs/1267616
16:39 <ubottu> Launchpad bug 1268658 in znc (Ubuntu Trusty) "Null pointer dereference in webadmin module [CVE-2013-2130]" [Undecided,Fix released] https://launchpad.net/bugs/1268658
16:39 <ubottu> Launchpad bug 1255362 in quassel (Ubuntu Trusty) "Clients may be able to access buffers belonging to other users" [High,Fix released] https://launchpad.net/bugs/1255362
16:40 <jdstrand> [TOPIC] Review of any previous action items
16:40 <jdstrand> [ACTION] chrisccoulson to benchmark oxide and qtwebkit once armhf builds work
16:40 * meetingology chrisccoulson to benchmark oxide and qtwebkit once armhf builds work
16:40 <jdstrand> [ACTION] chrisccoulson to send results of benchmarks to list
16:40 * meetingology chrisccoulson to send results of benchmarks to list
16:40 <jdstrand> aiui, these are both blocked on usable IM in oxide, which is blocked on qt5.2 which is blocked on the frameworks discussions
16:41 <jdstrand> however, we just determined that we may be able to use https://launchpad.net/~canonical-qt5-edgers/+archive/qt5-beta2 for this
16:41 <jdstrand> chrisccoulson: that pretty much captures that discussion, right?
16:41 <chrisccoulson> it does
16:42 <jdstrand> chrisccoulson: would it be too optimistic to hope for working IM usiong that ppa this week?
16:42 <chrisccoulson> it should be possible, especially now I can build much faster
16:43 <jdstrand> chrisccoulson: ok, I'd like to keep those as actions then. the benchmarking itself should go quickly I would think once IM is there
16:43 <jdstrand> chrisccoulson: if there is a problem with benchmark performance, we may be able to get phonedations to help
16:43 <jdstrand> I am going to take an action to update people on this
16:43 <chrisccoulson> cool :)
16:44 <jdstrand> [ACTION] follow-up on list regarding status of oxide benchmarks and why they are blocked
16:44 * meetingology follow-up on list regarding status of oxide benchmarks and why they are blocked
16:44 <jdstrand> [ACTION] jdstrand to follow-up on list regarding status of oxide benchmarks and why they are blocked
16:44 * meetingology jdstrand to follow-up on list regarding status of oxide benchmarks and why they are blocked
16:45 <jdstrand> [TOPIC] Weekly stand-up report
16:45 <jdstrand> I'll go first
16:45 <jdstrand> I'm in the happy place this week
16:46 <jdstrand> I've got some pending openstack updates to work on-- but I'm having to more or less write the patches myself for earlier releases, so it has been slow going
16:46 <jdstrand> I have quite a bit of sprint preparation to do for next week
16:47 <jdstrand> if time allows, I'll try to get to some work items, but am guessing that will have to wait for next week
16:47 <jdstrand> mdeslaur: you're up
16:47 <mdeslaur> I'm on triage this week
16:47 <mdeslaur> I'll be publishing some USNs, and will be once again going down the list
16:47 <mdeslaur> I'm off on Wednesday
16:47 <mdeslaur> and that's about it from me
16:47 <mdeslaur> sbeattie: you're up
16:49 <jdstrand> tyhicks: why don't you go next and sbeattie can give status later
16:50 <tyhicks> ok
16:50 <jdstrand> (also, jj is out for the meeting)
16:50 <tyhicks> I'm looking into an ecryptfs bug at the moment (LP: #1265841)
16:50 <ubottu> Launchpad bug 1265841 in linux (Ubuntu) "kernel BUG at /build/buildd/linux-3.11.0/fs/buffer.c:1268!; RIP: 0010:[<ffffffff816e3efd>] [<ffffffff816e3efd>] check_irqs_on.part.11+0x4/0x6" [Medium,Triaged] https://launchpad.net/bugs/1265841
16:51 <tyhicks> I'll be mainly working on that and hacking on kdbus again this week
16:51 <tyhicks> probably a little prep for the sprint, as welll
16:51 <tyhicks> that's it for me
16:51 <jdstrand> question
16:51 <tyhicks> ok
16:52 <jdstrand> sorry I keep asking about this-- what is going on with yama?
16:52 <jdstrand> (on touch)
16:52 <tyhicks> jdstrand: I've wasted way too much time trying to test it on the emulator
16:52 <tyhicks> jdstrand: as of Friday, the emulator segfaults when running unity8 autopilot tests
16:52 <jdstrand> hrmm, sorry about that
16:52 <tyhicks> jdstrand: I was hoping to talk jjohansen into letting me use one of his devices next week at the sprint to test it
16:53 <jdstrand> so, are you able to run it on hardware?
16:53 <jdstrand> ok, that seems reasonable
16:53 <tyhicks> all of the dev work is done and has been for a long time
16:53 <tyhicks> I just don't have a way to run the autopilot tests
16:53 <jdstrand> yeah
16:54 * jdstrand nods
16:54 <tyhicks> I thought getting a cheap maguro would help me test this (along with other touch landings)
16:54 <jdstrand> I think testing on real hardware and then coordinating with ogasawara for a pull request then landing will hopefully be fine at this point
16:55 <jdstrand> if the emulator is busted for doing our tests, we can't be expected to use it
16:55 <tyhicks> but it runs the old kernel version that we're not backporting to :/
16:55 <tyhicks> I tried running with ubuntu-emulator and with the older emulator set up using xnox's test scripts
16:56 <tyhicks> ubuntu-emulator segfaults and the test scripts eventually hang because the emulator dies at some point
16:56 <tyhicks> oh, and that's without the yama backport patches... so they're not at fault
16:56 <tyhicks> I was just trying to get a baseline
16:56 <tyhicks> ok, that's it for me
16:56 * jdstrand nods
16:57 <tyhicks> sarnold: you're up
16:57 <sarnold> I'm on community this week
16:57 <jdstrand> we'll test on real hardware and try to get you unblocked
16:57 <tyhicks> thanks :)
16:58 <sarnold> I've got some libotr patches from debfx to test and release this week, several MIRs, reviewing serge's new cgmanager (nearly done, one file left!), and then sprint preparation (looking into the profile loading more deeply)
16:58 <sarnold> I suspect it isn't all going to get done before the end of the week
16:59 <sarnold> I think that's me, are we going back to chrisccoulson or on to jdstrand again? (I missed the start..)
16:59 <chrisccoulson> hi :)
17:00 <chrisccoulson> this week i'll be looking at some of the oxide bugs that are blocking having a usable browser on the device
17:00 <jdstrand> tyhicks: oh, chrisccoulson has a manta that I'm sure he's bringing next week
17:00 <chrisccoulson> last week i switched oxide to cmake, and made cross-compiling work :)
17:00 <jdstrand> tyhicks: so maybe quick popping a kernel in there and testing on it would be ok
17:00 <tyhicks> chrisccoulson: I'd really appreciate it if I could (ab)use it for a day
17:01 <tyhicks> yep
17:01 <chrisccoulson> the bad news is that next week is firefox release week. perfect timing ;)
17:01 <tyhicks> ah
17:01 <chrisccoulson> so i'll probably be trying to get that out of the way at the end of this week
17:01 <tyhicks> well I can ask jj later
17:01 <jdstrand> chrisccoulson: argh :\
17:01 <mdeslaur> chrisccoulson: ugh :(
17:01 <chrisccoulson> yeah, it's pretty annoying
17:02 <chrisccoulson> i wish they could have done the release this week :)
17:02 <chrisccoulson> but, oh well :/
17:02 <chrisccoulson> i think that's me done
17:03 <jdstrand> re cmake: \o/
17:03 <jdstrand> [TOPIC] Highlighted packages
17:04 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:04 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/dropbear.html
17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libmodplug.html
17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/aria2.html
17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/opensaml2.html
17:04 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/cakephp.html
17:04 <jdstrand> [TOPIC] Miscellaneous and Questions
17:12 <jdstrand> mdeslaur, tyhicks, sarnold, chrisccoulson: thanks!
17:12 <jdstrand> #endmeeting