== Meeting information == * #ubuntu-meeting Meeting, 24 Apr at 16:31 — 16:50 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2017/ubuntu-meeting.2017-04-24-16.31.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:31. === Highlighted packages === The discussion about "Highlighted packages" started at 16:47. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/xrdp.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/efl.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/tqdm.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mariadb-10.1.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/tcptrack.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:47. == Vote results == == Done items == * (none) == People present (lines said) == * tyhicks (31) * jdstrand (11) * mdeslaur (10) * sbeattie (7) * sarnold (6) * jjohansen (5) * ratliff (4) * chrisccoulson (4) * meetingology (3) * ubottu (2) == Full Log == 16:31 #startmeeting 16:31 Meeting started Mon Apr 24 16:31:12 2017 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:31 16:31 Available commands: action commands idea info link nick 16:31 The meeting agenda can be found at: 16:31 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:31 [TOPIC] Weekly stand-up report 16:31 jdstrand: you're up 16:31 \o 16:35 mdeslaur: go ahead (we'll circle back) 16:35 I'm on triage this week 16:35 I'm currently testing samba and qemu updates for zesty 16:35 after that, I'll be doing mysql updates since we're running late on them 16:36 after that, I have nss and ca-certificates updates planned 16:36 that's probably my next couple of weeks 16:36 sbeattie: you're up 16:36 I'm in the happy place this week 16:36 I'm working on libxslt updates 16:36 I will have some kernel USNs to write 16:37 I expect to get handed some openjdk packages to test and publish this week 16:37 There's some apparmor things I want to look at, and some qrt things to fix as well. 16:37 That's probably my week 16:37 tyhicks: over to you. 16:37 I'm in the happy place this week 16:38 I am coordinating an embargoed issue 16:38 I still need to sponsor mozjs38 security update from my community duties last week 16:38 I have sprint prep 16:38 and I'd like to pick up my seccomp work again 16:38 short week - off on Friday 16:39 jjohansen: go ahead 16:39 I am continuing my work on upstreaming apparmor, I need to finish chasing down a bug in the securityfs interface work and get that posted, and push out a kernel for testing the fix for bug 1669611, which means I can repush the fix for bug 1660846 16:39 bug 1669611 in linux (Ubuntu Zesty) "Regression in 4.4.0-65-generic causes very frequent system crashes" [Critical,Fix released] https://launchpad.net/bugs/1669611 16:39 bug 1660846 in linux (Ubuntu Yakkety) "apparmor leaking securityfs pin count" [Undecided,Triaged] https://launchpad.net/bugs/1660846 16:39 tyhicks: (sorry I got distracted by an irc ocnversation) 16:40 I also have queued up several other fixes that I should SRU this week 1679704, 1678048 16:40 and a couple others I don't have bugs for yet 16:41 then I can poke at more of the checkpatch cleanups I need for the next upstream push 16:41 I think that is it for me, sarnold you are up 16:42 I'm on community this week; still plugging away at shadow and then the MIRs.. 16:42 that's it for me, chrisccoulson? 16:43 I've got thunderbird and chromium updates to do this week 16:43 Also, on my non-oxide backlog of tasks, I've got an item to re-automate the uploading of firefox debug symbols to mozilla's symbol server, which I plan to do this week 16:44 And I've got some firefox build failures to fix too 16:44 I think that's me done 16:44 I'm on bug triage 16:45 I will be working predominantly on sprint prep and some analysis work that falls out of that work. 16:45 jdstrand: you're up 16:45 last week was dominated by PR reviews, store reviews and responding to snappy forum topics. One notable topic I offered to start in an effort to get attention on the topic was https://forum.snapcraft.io/t/snappy-and-users-and-groups/331 16:46 I did manage to resurrect the various outstanding seccomp arg filtering branches (as planned) but still have some work to do there. I did discuss wayland interfaces a bit and coordinated with the desktop team on that work, but didn't get much farther on my bits. I submitted some PRs for various policy fixes 16:46 I did not work on pam/stacking docs (no time) 16:46 this week I plan to: 16:46 - continue various ongoing and new snappy PR reviews (notably, bash completion, dbus session services, snap-update-ns and migrate Xauthority, but more as needed) 16:46 - various policy fixes 16:46 - keep plugging away at seccomp arg filtering (specifically fix the mknod branch and pick up the uid/gid branch) 16:46 - wayland/gnome/plasma interfaces as have time 16:46 - pam/stacking docs if have time 16:46 that's it from me 16:46 back to you, tyhicks 16:47 thanks 16:47 [TOPIC] Highlighted packages 16:47 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:47 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/xrdp.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/efl.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/tqdm.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/mariadb-10.1.html 16:47 http://people.canonical.com/~ubuntu-security/cve/pkg/tcptrack.html 16:47 [TOPIC] Miscellaneous and Questions 16:48 Does anyone have any other questions or items to discuss? 16:48 I have one topic 16:48 mdeslaur, sbeattie, sarnold: we need to do https://wiki.ubuntu.com/SecurityTeam/ReleaseCycle#Devel_Opens 16:48 mdeslaur, sbeattie, sarnold: any takers? 16:48 sure, I'll grab it 16:49 thanks sarnold :) 16:49 IT'S A TRAP! 16:49 ;) 16:49 :D 16:49 there's that one 'update the pretend spreadsheet in vim' step that always baffles me 16:50 yes, that was pretty much the trap I was referring to :) 16:50 heh 16:50 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff: Thanks! 16:50 I seem to recall thinking that it'd be easier to figure it out and then write down a macro for vim :) 16:50 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)