#ubuntu-meeting log

17:02 <jdstrand> #startmeeting
17:02 <meetingology> Meeting started Mon Jan  5 17:02:24 2015 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
17:02 <meetingology> 
17:02 <meetingology> Available commands: action commands idea info link nick
17:02 <jdstrand> The meeting agenda can be found at:
17:02 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
17:02 <jdstrand> [TOPIC] Weekly stand-up report
17:02 <jdstrand> actually, I skipped something
17:02 <jdstrand> [TOPIC] Announcements
17:03 <jdstrand> Thomas Ward (teward) provided an update for utopic for wireshark (LP: #1397091)  Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
17:03 <ubottu> Launchpad bug 1397091 in wireshark (Ubuntu Trusty) "[Security] Update Wireshark in Precise, Trusty, and Utopic to include relevant security patches." [High,In progress] https://launchpad.net/bugs/1397091
17:03 <jdstrand> [TOPIC] Weekly stand-up report
17:03 <jdstrand> I'll go first
17:03 <jdstrand> I'm in the happy place this week
17:03 <jdstrand> I'm catching up on a few things
17:04 <jdstrand> I have several snappy tasks to attend to this week, the first being some seccomp investigations
17:05 <jdstrand> I'm going to be pulling people in for discussions, reviews, etc over the coming few weeks to make sure everything is sound and make sense
17:06 <jdstrand> I've got two pending issues I'm working on: mercurial and glance. mercurial is community supported though, but if people had tips for getting the trusty testsuite to pass (a no change rebuild fails in tghave), feel free to contact me in #ubuntu-hardened
17:06 <jdstrand> I'll figure it out eventually, but it'll go out faster if I get help from the community
17:07 <jdstrand> mdeslaur: you're up
17:07 <mdeslaur> I'm on triage this week
17:07 <mdeslaur> and tomorrow I'm on patch piloting
17:08 <mdeslaur> We have a backlog of about 50 packages that need security updates, so I'll be working on that
17:08 <mdeslaur> that's it from me, sbeattie, you're up
17:08 <sbeattie> I've got a variety of things on my plate this week:
17:09 <sbeattie> I need to get back to the compiler pie-on-amd64 stuff: I've discovered it breaks dkms compilation for some reason
17:09 <sbeattie> I'll try to pick up one or two of the outstanding updates
17:10 <sbeattie> I was also working on updating vivid's apparmor to the upstream 2.9.1 release, and discovered that lp: #1407437 is an upstream issue
17:10 <ubottu> Launchpad bug 1407437 in apparmor (Ubuntu) "aa-enforce fails with ImportError: No module named rule.capability" [Undecided,New] https://launchpad.net/bugs/1407437
17:11 <sbeattie> That's pretty much it for me.
17:11 <sbeattie> tyhicks is not here, so sarnold?
17:11 <sarnold> I'm on community this week
17:12 <sarnold> I'll be catching up on two weeks of unread email and probably helping out with updates
17:13 <sarnold> I believe there's also a huge backlog of apparmor patches, but that'll probably only be short-and-easy patches reviewed initially
17:13 <sarnold> that's it for me, chrisccoulson?
17:13 <chrisccoulson> This week, I need to fix bug 1398174
17:13 <ubottu> bug 1398174 in firefox (Ubuntu) "Move search provider defaults from Ubufox to Firefox" [Critical,Triaged] https://launchpad.net/bugs/1398174
17:14 <chrisccoulson> I'll also be working on bug 1337506, and working through Oxide reviews
17:14 <ubottu> bug 1337506 in Oxide "FATAL:texture_manager.cc(76)] Check failed: texture_count_ == 0u (1 vs. 0)" [High,In progress] https://launchpad.net/bugs/1337506
17:14 <chrisccoulson> And I finally managed to land http://bazaar.launchpad.net/~oxide-developers/oxide/oxide.trunk/revision/901 at the weekend :)
17:14 <chrisccoulson> that's me done
17:15 <jdstrand> chrisccoulson: for 1337506, is that an oxide crasher?
17:15 <chrisccoulson> It is
17:15 <jdstrand> chrisccoulson: do you have a feel for how often it happens? I occasionally see webbrowser-app crash and was curious
17:16 <chrisccoulson> It's only a shutdown crash, but it's a symptom of a bigger issue
17:16 <jdstrand> re LocationBarController API> cool! :)
17:16 <jdstrand> chrisccoulson: ack
17:16 <jdstrand> also, what prompted the fix for 1398174?
17:17 <chrisccoulson> This is related to the change in default search engine
17:18 <jdstrand> chrisccoulson: I guess I was really asking: is ubufox going away and if so, why?
17:18 <chrisccoulson> It's not going away, but it won't define the default search engines anymore
17:20 <jdstrand> [TOPIC] Highlighted packages
17:20 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
17:20 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/oath-toolkit.html
17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gcc-4.9-ppc64el-cross.html
17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/merkaartor.html
17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libplack-perl.html
17:20 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/texmacs.html
17:21 <jdstrand> [TOPIC] Miscellaneous and Questions
17:21 <jdstrand> Does anyone have any other questions or items to discuss?
17:21 <teward> *raises hand*
17:21 <jdstrand> teward: hi, go ahead
17:21 <teward> jdstrand: thanks for the acknowledge on the wireshark updates - on that note, work has stalled on the other versions, the community is welcome to start picking up on that.
17:22 <teward> new upload to Vivid for nginx has effectively mitigated POODLE out of the box - this was an issue on my radar for some time and has effectively been mititgated as of last week out of the box thanks to Debian changes.
17:22 <teward> /done
17:22 <jdstrand> re nginx> oh, neat :)
17:23 <teward> jdstrand: yeah, i thought so, it's handled at the nginx.conf (nginx-instance-wide) level instead of at the site config level, which is why i say it effectively mitigates POODLE
17:23 <teward> definitely a plus :)
17:24 <teward> since nginx-core is in main, i thought it relevant to mention.  all done here.
17:30 <jdstrand> mdeslaur, sbeattie, sarnold, chrisccoulson, teward: thanks
17:30 <jdstrand> #endmeeting