16:45 <jdstrand> #startmeeting
16:45 <meetingology> Meeting started Mon Aug  4 16:45:21 2014 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:45 <meetingology> 
16:45 <meetingology> Available commands: action commands idea info link nick
16:45 <jdstrand> The meeting agenda can be found at:
16:45 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:45 <jdstrand> [TOPIC] Announcements
16:45 <jdstrand> Thanks to the following people for their help on security updates for these community supported packages last week:
16:45 <jdstrand> Mike Heald (jedimike) provided a debdiff for precise for nss-pam-ldapd (LP: #1347614)
16:45 <ubottu> Launchpad bug 1347614 in nss-pam-ldapd (Ubuntu) "Fix for CVE-2013-0288 in precise package" [Undecided,Fix released] https://launchpad.net/bugs/1347614
16:45 <jdstrand> Julian Taylor (jtaylor) provided a debdiff for precise for ipython (LP: #1344854)
16:45 <ubottu> Launchpad bug 1344854 in ipython (Ubuntu Precise) "CVE-2014-3429: remote execution via cross origin websocket" [Undecided,Fix released] https://launchpad.net/bugs/1344854
16:45 <jdstrand> Stefan Bader (smb) provided a precise package for xen
16:46 <jdstrand> Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
16:46 <jdstrand> [TOPIC] Weekly stand-up report
16:46 <jdstrand> I'll go first
16:47 <jdstrand> this morning I finally managed to have no open items in the hr system (ie, perf reviews are done)
16:47 <jdstrand> so this week I'll help with apparmor testing and landing
16:47 <jdstrand> I'm on triage
16:47 <jdstrand> and I have a bunch of pending updates (openjdk, openstack)
16:48 <jdstrand> mdeslaur: you're up
16:48 <mdeslaur> I'm currently publishing some updates
16:48 <mdeslaur> and have more pending
16:48 <mdeslaur> and will be going down the list some more...I want to clear out the list as much as possible before I go on vacation on the 20th
16:48 <mdeslaur> I'm on community this week
16:49 <mdeslaur> am currently sponsoring an update for Riddell
16:49 <mdeslaur> that's about it
16:49 <mdeslaur> sbeattie isn't here...who's after him? tyhicks?
16:49 <tyhicks> I think so
16:49 <jdstrand> yes
16:49 <tyhicks> I'm still plugging away at the versioned parser patches
16:50 <tyhicks> after thinking about what will be needed to do it from kernel postinst, I realized that I need to make some changes
16:50 <tyhicks> however, I'm about to put that aside and do a few updates to the apparmor Ubuntu package in prep for landing the abstract socket changes
16:50 <mdeslaur> \o/
16:50 <tyhicks> (we've gathered a few small changes, in addition to abstract socket mediation, that we wanted to lump into the same update)
16:51 <tyhicks> if I have any extra time, there have been a few ecryptfs-utils bugs that should get some attention
16:51 * jdstrand wouldn't count on extra time this particular week
16:51 <jdstrand> :)
16:52 <tyhicks> agreed :)
16:52 <jdstrand> maybe friday :)
16:52 <tyhicks> that's it for me
16:52 <tyhicks> jjohansen: you're up
16:53 <jjohansen> I will be pulling my hair out,^W^W^W^W err working on apparmor abstract socket mediation this week
16:53 <jjohansen> the latest iteration of the kernel is in the usual place, http://people.canonical.com/~jj/linux-image-3.15.0-6-generic_3.15.0-6.95+jj_amd64.deb
16:54 <jjohansen> and another iteration is building
16:54 <jjohansen> I still have a few changes to the parser to finish up to match the latest kernel as out of band transitions will not land with this
16:55 <jjohansen> I expect to be iterating, this stuff and testing and helping with policy until we land this mess
16:56 * jjohansen is in the process of getting the kernel patch together for sarnold, and anyone else who wants to gouge their eyes out
16:57 <jjohansen> and the parser patches will follow later today
16:58 * sarnold passes around the mellon ballers
16:59 <jjohansen> that is it for me, sarnold your up
17:00 <sarnold> I'm in the happy place this week, I've got some outstanding MIR reviews and another merge from tvoss for trust store to review -- presumably some apparmor patches to review too :) I suspect the apparmor patches alone would be enough to fill the week
17:01 <jjohansen> sarnold: I'm glab you can call this your happy place ;)
17:01 <sarnold> jjohansen: heh, compared to 70-odd CVEs to triage, it feels pretty happy :)
17:02 <sarnold> tvoss's C++ is like reading urdu poetry -- I know it's beautiful but I just can't understand the language :D
17:02 <sarnold> anyway, that's me, chrisccoulson?
17:02 <jdstrand> sarnold: hehe
17:03 <chrisccoulson> so, good news! I tested chromium 36 this morning
17:03 <chrisccoulson> the bad news is that it crashes at startup on precise
17:04 <mdeslaur> \o/...oh wait, /o\
17:04 <chrisccoulson> so, at some point, that will be going out (once chad has fixed it)
17:04 <chrisccoulson> I've also got some reviews to do for oxide
17:05 <chrisccoulson> other than that, I'll be working through my RTM bugs
17:05 <chrisccoulson> that's me done :)
17:05 <mdeslaur> chrisccoulson: anything big for rtm?
17:06 <jdstrand> re 36> \o/
17:06 <jdstrand> :P
17:07 <chrisccoulson> mdeslaur, https://bugs.launchpad.net/oxide/+bugs?field.searchtext=&orderby=-importance&search=Search&field.status%3Alist=NEW&field.status%3Alist=CONFIRMED&field.status%3Alist=TRIAGED&field.status%3Alist=INPROGRESS&field.status%3Alist=FIXCOMMITTED&field.tag=rtm14
17:07 <chrisccoulson> some of those need dropping off there actually
17:08 <mdeslaur> ah, so just a couple of minor things I see :)
17:08 <mdeslaur> </j>
17:09 <jdstrand> chrisccoulson: feel free to remove the rtm14 tag from the medium ones
17:09 <chrisccoulson> sure, will do
17:10 <jdstrand> chrisccoulson: the way that critical and high are being handled is critical means we can't ship without it, high is we really want to ship with it but can provide an ota update
17:10 <chrisccoulson> yeah, that makes sense
17:10 <jdstrand> not sure the current priorities match that. might be worth discussing in the next oxide meeting
17:11 <jdstrand> [TOPIC] Highlighted packages
17:11 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:12 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:12 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/fwsnort.html
17:12 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/php-sabredav.html
17:12 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/bip.html
17:12 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gamera.html
17:12 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-net-ldap.html
17:12 <jdstrand> [TOPIC] Miscellaneous and Questions
17:12 <jdstrand> Does anyone have any other questions or items to discuss?
17:12 <tangim> is there any kdeconnect allernative for unity??
17:13 <jdstrand> tangim: I think you might want #ubuntu-user
17:14 <tangim> umm...i don't know diffrence between ubuntu-meeting, ubuntu-on-air and ubuntu-user :(
17:14 <jdstrand> tangim: see the /topic for each. this is a place where teams have meetings, not a general support forum
17:15 <tangim> oh...thanks :)
17:17 <jdstrand> np
17:17 <jdstrand> mdeslaur, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!
17:17 <jdstrand> #endmeeting