16:41 <mdeslaur> #startmeeting
16:41 <meetingology> Meeting started Mon Mar 10 16:41:23 2014 UTC.  The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:41 <meetingology> 
16:41 <meetingology> Available commands: action commands idea info link nick
16:41 <mdeslaur> The meeting agenda can be found at:
16:41 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:41 <mdeslaur> [TOPIC] Announcements
16:42 <mdeslaur> This week is UDS! Please take a look at the schedule and subscribe yourselves to anything that looks security relevant
16:42 <mdeslaur> [TOPIC] Review of any previous action items
16:42 <mdeslaur> hrm
16:42 <mdeslaur> chrisccoulson: did you send oxide and qtwebkit benchmark results to mailing list?
16:43 <mdeslaur> ok, let's get back to him later
16:43 <mdeslaur> [TOPIC] Weekly stand-up report
16:43 <mdeslaur> I'll go first
16:43 <chrisccoulson> just need to hit the send button ;)
16:43 <mdeslaur> chrisccoulson: oh, cool, so I won't add it as an action then, thanks
16:43 <chrisccoulson> ok, i'm done with my other meeting now
16:43 <mdeslaur> I'm in the happy place this week
16:44 <mdeslaur> and, as usual, am going down the CVE list
16:44 <mdeslaur> it's UDS, so i'll be spending some time attending sessions
16:44 <mdeslaur> that's it from me
16:44 <mdeslaur> sbeattie: you're up
16:44 <sbeattie> I'm focused on apparmor again this week
16:45 <sbeattie> I think the packaging bits on my end are mostly resolved, waiting for sarnold's testing results
16:45 <sbeattie> I'll be focusing on jjohansen1's ipc patchset this week
16:46 <sbeattie> and keeping an eye on UDS as well.
16:46 <sbeattie> That's pretty much it for me.
16:46 <sbeattie> tyhicks: tag, you're it.
16:46 <tyhicks> I'm still trying to wrap up dbus and move to apparmor
16:47 <tyhicks> my dbus-daemon v2 patches are done (along with 3 new patches for a bug fix and a missing feature)
16:47 <tyhicks> I'm testing them now and will have them submitted this afternoon
16:48 <tyhicks> then the rest of the week is kdbus and helping out with apparmor work items
16:48 <tyhicks> that's it for me
16:48 <tyhicks> jjohansen1: you're up
16:49 <jjohansen1> so I am working on apparmor again this week, there is some more revision to the ipc work to be done, and also work on stacking for lxc
16:49 <jjohansen1> there are also some open bugs that need tracked down, that I am hoping to get to or delegate this week
16:50 <jjohansen1> And of course following UDS as well, coordinating with sbeattie, and tyhicks
16:50 * sbeattie senses a target on his back
16:50 <mdeslaur> hehe
16:50 <jjohansen1> oh and sarnold on the 2.95 snapshot he is prepping
16:52 <jjohansen1> sbeattie: you mean I have to actually hit, I was hoping this was more like hand grenades and could just lob stuff in your general direction, and get sarnold and tyhicks at the same time
16:52 * sarnold falls over
16:53 <mdeslaur> lol
16:53 * mdeslaur loads paintball gun with apparmor bugs
16:53 <jjohansen1> I think that is it from me, sarnold you are up
16:53 <sarnold> I'm on triage this week
16:55 <sarnold> sbeattie, jjohansen1, and i have finally gotten an apparmor package that passes QRT! I haven't done much use-testing with it yet, just simple "oh hey look is does kinda work" runs
16:55 <sarnold> big thanks to john and steve for fixing the worst of the problems
16:55 <tyhicks> nice!
16:56 <tyhicks> sarnold: just to make sure that I didn't miss a memo, this will be versioned as 2.8.95, correct? (jj said 2.95 above)
16:56 <sarnold> yeah, it's definitely nice to say "it passes our test suite", which feels like a nice minimum to stick with before uploading to trusty. :)
16:56 <sarnold> tyhicks: right 2.8.95.
16:56 <tyhicks> thanks
16:57 <sarnold> so, jjohansen1 sent out another huge patchset that I suspect we'll need for trusty; we should see how the packages do against the tests with those patches integrated
16:57 <sarnold> there were enough of them that I don't think I can give a realistic review of them all in the time we have available to us, certainly not while still doing triage and MIR audits
16:58 <sarnold> I skimmed the first patch and it looked familiar and it looked fine, so I hope that trend continues through the other patches
16:58 <mdeslaur> sarnold: are you making any progress in the MIRs?
16:58 <sarnold> but there is the chance that one or another of them would introduce something that'd break QRT again
16:59 <sarnold> mdeslaur: I ACKed thermald last week and filed a CVE request for a minor issue in the codebase..
16:59 <mdeslaur> cool
16:59 <sarnold> mdeslaur: so one down N to go :) heh
16:59 <mdeslaur> (literallty)
16:59 <sarnold> lol
17:00 <mdeslaur> sarnold: are you done?
17:01 <sarnold> mdeslaur: not yet..
17:01 <sarnold> so, I think I'll give the patches from john a very fast read, probably too fast, but I' really like all those checked into trunk, so we can keep moving forward with the 2.8.95 release
17:01 <sarnold> I could handle them all as individual patches in debian/patches/series but it'd triple the patches i the package, and I'd really like to avoid that..
17:02 <sarnold> anyway, I guess that's me done.
17:02 <mdeslaur> chrisccoulson: you're up
17:03 <chrisccoulson> this week, i'm finishing off my network delegate work for oxide (which is what will enable the browser to override the user-agent string for each HTTP request). i was hoping to finish that last week, but hit an issue with my original plan
17:04 <chrisccoulson> (this is complicated by the fact that it all happens on chrome's IO thread, and code execution in qml can only happen on a single thread)
17:05 <chrisccoulson> once that's done, I've got another bug i need to get done to unblock olivier with some geolocation work
17:05 <chrisccoulson> and then I'm going to spend time reviewing merge proposals, which have been neglected a bit for the last couple of weeks
17:05 <chrisccoulson> i think that's me done
17:06 <mdeslaur> chrisccoulson: you had "reimplemented the script messaging API on the renderer side" last week
17:06 <mdeslaur> chrisccoulson: is that done, or is it still to do?
17:07 <chrisccoulson> mdeslaur, oh, that's done: http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/395
17:07 <mdeslaur> chrisccoulson: cool
17:07 <mdeslaur> [TOPIC] Highlighted packages
17:07 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:07 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html
17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/gnucash.html
17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/filezilla.html
17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/xmonad-contrib.html
17:07 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/mplayer.html
17:08 <mdeslaur> [TOPIC] Miscellaneous and Questions
17:08 <mdeslaur> Does anyone have any other questions or items to discuss?
17:09 <mdeslaur> Thanks everyone!
17:09 <mdeslaur> #endmeeting