== Meeting information == * #ubuntu-meeting Meeting, 10 Mar at 16:41 — 17:09 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2014/ubuntu-meeting.2014-03-10-16.41.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:41. === Review of any previous action items === The discussion about "Review of any previous action items" started at 16:42. === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:43. === Highlighted packages === The discussion about "Highlighted packages" started at 17:07. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/gnucash.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/filezilla.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/xmonad-contrib.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mplayer.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 17:08. == Vote results == == Done items == * (none) == People present (lines said) == * mdeslaur (40) * sarnold (17) * tyhicks (9) * chrisccoulson (8) * sbeattie (7) * jjohansen1 (6) * meetingology (3) == Full Log == 16:41 #startmeeting 16:41 Meeting started Mon Mar 10 16:41:23 2014 UTC. The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:41 16:41 Available commands: action commands idea info link nick 16:41 The meeting agenda can be found at: 16:41 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:41 [TOPIC] Announcements 16:42 This week is UDS! Please take a look at the schedule and subscribe yourselves to anything that looks security relevant 16:42 [TOPIC] Review of any previous action items 16:42 hrm 16:42 chrisccoulson: did you send oxide and qtwebkit benchmark results to mailing list? 16:43 ok, let's get back to him later 16:43 [TOPIC] Weekly stand-up report 16:43 I'll go first 16:43 just need to hit the send button ;) 16:43 chrisccoulson: oh, cool, so I won't add it as an action then, thanks 16:43 ok, i'm done with my other meeting now 16:43 I'm in the happy place this week 16:44 and, as usual, am going down the CVE list 16:44 it's UDS, so i'll be spending some time attending sessions 16:44 that's it from me 16:44 sbeattie: you're up 16:44 I'm focused on apparmor again this week 16:45 I think the packaging bits on my end are mostly resolved, waiting for sarnold's testing results 16:45 I'll be focusing on jjohansen1's ipc patchset this week 16:46 and keeping an eye on UDS as well. 16:46 That's pretty much it for me. 16:46 tyhicks: tag, you're it. 16:46 I'm still trying to wrap up dbus and move to apparmor 16:47 my dbus-daemon v2 patches are done (along with 3 new patches for a bug fix and a missing feature) 16:47 I'm testing them now and will have them submitted this afternoon 16:48 then the rest of the week is kdbus and helping out with apparmor work items 16:48 that's it for me 16:48 jjohansen1: you're up 16:49 so I am working on apparmor again this week, there is some more revision to the ipc work to be done, and also work on stacking for lxc 16:49 there are also some open bugs that need tracked down, that I am hoping to get to or delegate this week 16:50 And of course following UDS as well, coordinating with sbeattie, and tyhicks 16:50 * sbeattie senses a target on his back 16:50 hehe 16:50 oh and sarnold on the 2.95 snapshot he is prepping 16:52 sbeattie: you mean I have to actually hit, I was hoping this was more like hand grenades and could just lob stuff in your general direction, and get sarnold and tyhicks at the same time 16:52 * sarnold falls over 16:53 lol 16:53 * mdeslaur loads paintball gun with apparmor bugs 16:53 I think that is it from me, sarnold you are up 16:53 I'm on triage this week 16:55 sbeattie, jjohansen1, and i have finally gotten an apparmor package that passes QRT! I haven't done much use-testing with it yet, just simple "oh hey look is does kinda work" runs 16:55 big thanks to john and steve for fixing the worst of the problems 16:55 nice! 16:56 sarnold: just to make sure that I didn't miss a memo, this will be versioned as 2.8.95, correct? (jj said 2.95 above) 16:56 yeah, it's definitely nice to say "it passes our test suite", which feels like a nice minimum to stick with before uploading to trusty. :) 16:56 tyhicks: right 2.8.95. 16:56 thanks 16:57 so, jjohansen1 sent out another huge patchset that I suspect we'll need for trusty; we should see how the packages do against the tests with those patches integrated 16:57 there were enough of them that I don't think I can give a realistic review of them all in the time we have available to us, certainly not while still doing triage and MIR audits 16:58 I skimmed the first patch and it looked familiar and it looked fine, so I hope that trend continues through the other patches 16:58 sarnold: are you making any progress in the MIRs? 16:58 but there is the chance that one or another of them would introduce something that'd break QRT again 16:59 mdeslaur: I ACKed thermald last week and filed a CVE request for a minor issue in the codebase.. 16:59 cool 16:59 mdeslaur: so one down N to go :) heh 16:59 (literallty) 16:59 lol 17:00 sarnold: are you done? 17:01 mdeslaur: not yet.. 17:01 so, I think I'll give the patches from john a very fast read, probably too fast, but I' really like all those checked into trunk, so we can keep moving forward with the 2.8.95 release 17:01 I could handle them all as individual patches in debian/patches/series but it'd triple the patches i the package, and I'd really like to avoid that.. 17:02 anyway, I guess that's me done. 17:02 chrisccoulson: you're up 17:03 this week, i'm finishing off my network delegate work for oxide (which is what will enable the browser to override the user-agent string for each HTTP request). i was hoping to finish that last week, but hit an issue with my original plan 17:04 (this is complicated by the fact that it all happens on chrome's IO thread, and code execution in qml can only happen on a single thread) 17:05 once that's done, I've got another bug i need to get done to unblock olivier with some geolocation work 17:05 and then I'm going to spend time reviewing merge proposals, which have been neglected a bit for the last couple of weeks 17:05 i think that's me done 17:06 chrisccoulson: you had "reimplemented the script messaging API on the renderer side" last week 17:06 chrisccoulson: is that done, or is it still to do? 17:07 mdeslaur, oh, that's done: http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/395 17:07 chrisccoulson: cool 17:07 [TOPIC] Highlighted packages 17:07 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:07 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/gnucash.html 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/filezilla.html 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/xmonad-contrib.html 17:07 http://people.canonical.com/~ubuntu-security/cve/pkg/mplayer.html 17:08 [TOPIC] Miscellaneous and Questions 17:08 Does anyone have any other questions or items to discuss? 17:09 Thanks everyone! 17:09 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)