16:31 <jdstrand> #startmeeting
16:31 <meetingology> Meeting started Mon Jun  6 16:31:44 2016 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:31 <meetingology> 
16:31 <meetingology> Available commands: action commands idea info link nick
16:31 <jdstrand> The meeting agenda can be found at:
16:31 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:32 <jdstrand> I've got an announcement but will wait til the end
16:33 <jdstrand> [TOPIC] Weekly stand-up report
16:33 <jdstrand> I'll go first
16:33 <jdstrand> I've got a number of snappy PRs to followup on (gsettings, input methods, etc)
16:34 <jdstrand> I also have a couple snapd interface reviews (modem-manager and ppp, but expect more)
16:34 <jdstrand> I have some more to look at with seccomp arg filtering
16:34 <jdstrand> I also have various snapd interface policy updates and investigations
16:34 <jdstrand> I also have some review tools updates for snap.yaml changes and a few small bug fixes
16:35 <jdstrand> if I have time, I'll get started on the docker snappy interface
16:35 <jdstrand> I think that's it from me
16:35 <jdstrand> mdeslaur: you're up
16:35 <mdeslaur> I'm on triage and community duties this week
16:35 <mdeslaur> I'm about to publish a libxml2 update in a few minutes
16:35 <mdeslaur> and I'm off wednesday afternoon
16:35 <mdeslaur> I'll be going down the cve list, as usual after that
16:36 <mdeslaur> that's it for me, sbeattie?
16:36 <sbeattie> I've got a short week this week, will be off starting wednesday.
16:36 <sbeattie> I'm on bug triage while I'm here.
16:36 <sbeattie> I'm also prepping for the sprint next week
16:37 <sbeattie> I need to spend some time poking at the kernel cve->lp bugs sync script
16:38 <sbeattie> I'm continuing to look for build failures in yakkety due to gcc pie
16:38 <sbeattie> and I'll take a peek at the cve list to see if there's something I can pick up there.
16:38 <sbeattie> that's probably it for me.
16:38 <sbeattie> oh right, tyhicks is not here... is jjohansen back yet?
16:39 <sbeattie> Or maybe we should jump to sarnold.
16:39 <sarnold> I think I'm in the happy place this week
16:39 <sarnold> it's a very short week for me, monday and tuesday only
16:40 <sarnold> I'll be working on some sprint prep and backporting imagemagick patches
16:40 <sarnold> that's it for me, chrisccoulson?
16:41 <chrisccoulson> I've got Firefox updates this week, and I'm hoping Chromium will be ready to sponsor. I've just finished Oxide
16:42 <chrisccoulson> Other than that, I'll be working through oxide bugs as usual
16:42 <chrisccoulson> I think that's me done
16:44 <jdstrand> chrisccoulson: 'just finished oxide'-- you mean for USN?
16:44 <chrisccoulson> jdstrand, yeah
16:44 <jdstrand> thanks
16:44 <jdstrand> [TOPIC] Announcements
16:45 <jdstrand> I'd like to announce a couple of changes to the structure of the security team.
16:45 <jdstrand> After almost 5.5 years as the manager of the security team, I decided it was time for a change. The security team is too awesome to leave so I'm not going far: I will stay on the security team as a generalist focusing on snappy initially and getting back to generalist duties in due course. :)
16:45 <jdstrand> The other change is that I'd like to extend a warm welcome to Emily Ratliff (ratliff) for joining the Ubuntu Security team as manager and I'll be working with her to ensure a smooth transition. If you don't know Emily already, google her ;) She is very talented and accomplished and we are super-excited to have her join Canonical and the Ubuntu Security team. :)
16:46 <jdstrand> ratliff: hi! not sure if you have anything to report for this week, but welcome! :)
16:46 <sbeattie> woot! welcome ratliff!
16:46 <ratliff> Thank you, jdstrand! I am very excited to be here and looking forward to the sprint next week.
16:46 <sarnold> welcome aboard ratliff :)
16:47 <mdeslaur> ratliff: welcome!
16:47 <ratliff> As my first accomplishment, I have broken SSO. Once IS and I work things out, I will be easier to find, meanwhile I'm here on freenode
16:47 <jdstrand> hehe
16:47 <sarnold> excellent :)
16:47 <ratliff> :-)
16:47 <jdstrand> [TOPIC] Highlighted packages
16:47 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:47 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:47 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/batmand.html
16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/node-semver.html
16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/pinpoint.html
16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mod-gnutls.html
16:48 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gnugk.html
16:48 <jdstrand> [TOPIC] Miscellaneous and Questions
16:48 <jdstrand> Does anyone have any other questions or items to discuss?
16:49 <teward> Just want to thank mdeslaur for ACKing the nginx debdiffs, helping get the nginx vulnerability patched rapidly :)
16:49 <jdstrand> oh
16:50 <teward> :)
16:50 <jdstrand> teward: I forgot to put that in the announcement
16:50 <teward> and to thank the Security Team for a continued job well done :)
16:50 <jdstrand> Thomas Ward (teward) provided debdiffs for trusty-xenial for nginx (LP: #1587577)
16:50 <ubottu> Launchpad bug 1587577 in nginx (Ubuntu Yakkety) "[CVE-2016-4450] NULL pointer dereference while writing client request body" [Undecided,Fix released] https://launchpad.net/bugs/1587577
16:50 <teward> jdstrand: not a problem :)
16:50 <jdstrand> :)
16:50 <mdeslaur> teward: thanks for the debdiffs!
16:51 <jdstrand> teward: thank you for the debdiffs and continuing to care for nginx :)
16:51 <teward> my pleasure :)
16:53 <jdstrand> mdeslaur, sbeattie, sarnold, chrisccoulson, ratliff, teward: thanks!
16:53 <jdstrand> #endmeeting