16:35 #startmeeting 16:35 Meeting started Mon Jun 9 16:35:13 2014 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:35 16:35 Available commands: action commands idea info link nick 16:35 The meeting agenda can be found at: 16:35 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:35 [TOPIC] Announcements 16:35 Felix Geyer (debfx) provided debdiffs for precise-trusty for mod-wsgi (LP: #1322338). Your work is very much appreciated and will keep Ubuntu users secure. Great job! 16:35 Launchpad bug 1322338 in mod-wsgi (Ubuntu Utopic) "CVE 2014-0240 and CVE 2014-0242" [Undecided,Fix released] https://launchpad.net/bugs/1322338 16:35 [TOPIC] Weekly stand-up report 16:35 I'll go first 16:36 short week this week. I am off Wednesday 16:36 I'm on community this week 16:36 I need to send my ofono hardening work to the phonedations team (ie, where only certain applications can communicate to ofono) 16:36 there is a bit more work to do there, but I have it working on my phone, so that is good 16:37 I have been doing phablet kernel testing for jjohansen-- mako looks good so far, still need to do flo and goldfish, but I imagine jjohansen has those tested already 16:37 I am working on several different openstack updates 16:38 and have various sprint outcomes to still go through 16:38 sure I've run those, there are some basic policy updates, but jdstrand has seen those already 16:39 jdstrand: you pulled in the new apparmor package correct? 16:39 jjohansen: yes 16:39 okay good 16:39 we need to get this into utopic so our delta is as small as possible when we update for abstract, but we can talk about that in jjohansen's time 16:40 mdeslaur: you're up 16:40 I'm in the happy place this week 16:40 I have some json-c packages to test, and am currently working on dpkg updates 16:40 also have to do the non-trivial libtasn backports 16:41 tomorrow, I'm doing a Q&A for UDS^H^H^Hwhatever replaces UDS 16:41 oh, I guess there is UOS too 16:41 (jeez, busy week) 16:41 * sbeattie collects rotten tomatoes for that 16:41 and I need to look at an updated apparmor package for U 16:41 jjohansen's packages is missing a couple of the latest commits, which I guess we're going to want 16:42 so I'll remerge from trunk I guess 16:42 and, yeah, attend UOS 16:42 mdeslaur: O_o I pulled that fresh on friday 16:42 not that the debian packaging side doesn't need some fixing :) 16:43 jjohansen: oh, the two missing commits are freom friday 16:43 d'oh 16:43 jjohansen: yeah, I'll take a look and see if everything's good with the packaging 16:43 haha, nice 16:44 that's it from me, sbeattie? 16:44 I'm focusing again on getting pie by default for amd64 in gcc this week 16:44 sbeattie: what's the current status? 16:44 I have a test compiler that bootstraps and does the right for common cases. 16:45 There's a couple of situations that the gcc testsuite where it's not compiling the .o with -fPIE when it needs to, but tries to link with -pie, which fails, so I'm tracking down why that fails. 16:46 I'm in the middle of setting up a ppa with that compiler as the default, to enable wider testing/benchmarking. 16:46 cool 16:47 I have some apparmor patches to review and submit. 16:47 sbeattie: oh, are those good for U too? 16:47 mdeslaur: cboltz's patch is, yes, though I need to dig in to why I can't reproduce his failure in U. 16:48 ok 16:48 I may try to take a swap day off on friday... 16:48 And I'll be attending UOS. 16:49 That's it for me, I think. tyhicks? 16:49 I'm focusing on my kdbus work item this week 16:49 I keep letting myself get distracted by other work, so I'm only going to plan on that one work item 16:49 I'll sync up w/ everyone once it is done for what I should focus on next 16:49 (Some UOS for me this week, as well) 16:49 That's it for me 16:49 jjohansen: you're up 16:50 So I've got UOS to distract me this week, and a couple of bugs to poke at and at least triage 16:51 We have the utopic touch device kernels in testing, and I think ready to be pulled 16:51 so I will send that request out as soon as its dependencies fall into place (maybe this week) 16:52 is anything there waiting on a new userspace? 16:52 This basically falls out as: more testing, policy updates, and the new apparmor userspace in U 16:53 mdeslaur: yep, the kernel won't go until that is updated, reason: userspace fixes a compiler issue that results in policy that causes failures under the new kernel 16:53 hrm 16:53 ok 16:53 guess I'll work on that tomorrow or wed then 16:55 Besides testing/collaborating with jdstrand on the policy updates, I'll be working on the apparmor kernel module 16:55 * mdeslaur still needs to figure out how he got volunteered to do the U update 16:55 to finish up the missing pieces 16:56 mdeslaur: well it was one of those quick mdeslaur isn't paying attention get him to agree while he is distracted 16:56 mdeslaur: we sent you out to collect beer and cheetos while we decided, to help the volunteering process along. 16:56 I'm wondering when we're goign to tell mdeslaur he also volunteered for the T update... 16:56 jjohansen: policy updates should all be in place 16:56 * mdeslaur shakes fist at team 16:57 jdstrand: when will they hit the images? 16:57 they are there 16:57 check that off your list :) 16:57 okay, I'll update and see how it goes, and then check it off the list :P 16:58 I think that is it for me, sarnold your up 16:58 on mako I have no denials except with media-hub, but that is unrelated 16:58 (it also works fine and I've pinged jhodapp about it) 16:59 jdstrand: I expect everything will be fine, I just want to run it through the 4 devices to make sure 16:59 sure 16:59 * jjohansen wants to avoid the whole your new kernel broke, ... mess 17:01 I'm on triage this week; I'm also reading some angry tweets for UOS, investigating click packaging to see how authenticity checks are being performed, and if there's any time left returning to the interminable mod_wsgi fixes for django 17:01 I think that's it for me, chrisccoulson? 17:02 this week, it's mozilla updates for me 17:02 plus one other update 17:02 my other main task is fixing bug 1312082, which I hope to have done this week 17:02 bug 1312082 in Oxide "Stop using deprecated compositing paths" [High,Triaged] https://launchpad.net/bugs/1312082 17:03 chrisccoulson: so will the new paths be next on the deprecated list, or are they the current ones? :) 17:03 mdeslaur, no, we'll be using the same path as all other platforms :) 17:03 oh cool :) 17:04 i think that's me done 17:06 chrisccoulson: moving away from the deprecated paths is required for the media-hub work to really start, correct? 17:06 jdstrand, there's parts of that which can be started without it 17:07 sure, but this has to be done for it 17:07 chrisccoulson: the others are starting on the parts that can be done now, no? 17:07 jdstrand, yeah, I think so 17:07 * jdstrand saw various bug assignments, etc last week 17:07 cool 17:07 [TOPIC] Highlighted packages 17:07 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:08 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:08 http://people.canonical.com/~ubuntu-security/cve/pkg/libapache2-mod-nss.html 17:08 http://people.canonical.com/~ubuntu-security/cve/pkg/dolibarr.html 17:08 http://people.canonical.com/~ubuntu-security/cve/pkg/gnumeric.html 17:08 http://people.canonical.com/~ubuntu-security/cve/pkg/ircd-ratbox.html 17:08 http://people.canonical.com/~ubuntu-security/cve/pkg/ngircd.html 17:08 [TOPIC] Miscellaneous and Questions 17:08 Does anyone have any other questions or items to discuss? 17:15 mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, ChrisCoulson: thanks! 17:15 #endmeeting