16:30 <tyhicks> #startmeeting
16:30 <meetingology> Meeting started Mon Oct  2 16:30:57 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:30 <meetingology> 
16:30 <meetingology> Available commands: action commands idea info link nick
16:31 <tyhicks> The meeting agenda can be found at:
16:31 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:31 <tyhicks> [TOPIC] Announcements
16:31 <tyhicks> Simon Quigley (tsimonq2) provided debdiffs for trusty-zesty for jython (LP: #1714728)
16:31 <ubottu> Launchpad bug 1714728 in jython (Ubuntu Zesty) "[CVEs] Creates executables class files with wrong permissions, Unsafe deserialization leads to code execution" [High,Fix released] https://launchpad.net/bugs/1714728
16:31 <tyhicks> Thank you for your assistance in keeping Ubuntu users secure! :)
16:31 <tyhicks> [TOPIC] Weekly stand-up report
16:31 <tyhicks> jdstrand: you're up
16:31 <jdstrand> hi
16:31 <jdstrand> This week I plan to work on:
16:31 <jdstrand> * PR reviews for layouts (snappy team), per user mounts (desktop team) and other PRs as needed
16:31 <jdstrand> * continue uid/gid work
16:31 <jdstrand> that's it from me
16:31 <jdstrand> * prepare for sprint
16:32 <tyhicks> mdeslaur: you're up
16:33 <mdeslaur> I'm on community this week...
16:33 <mdeslaur> just published a few updates
16:33 <mdeslaur> I have to see what else to work on
16:33 <mdeslaur> that's about it, sbeattie, you're up
16:33 <sbeattie> I'm on bug triage this week
16:34 <sbeattie> I have some tasks from the sprint to finish up: finishing some conversions from bzr to git, and some other process things to look at.
16:34 <sbeattie> I'm working on a perl update, and will look at other updates for this week
16:35 <sbeattie> will have the usual kernel triage to do
16:35 <sbeattie> that's it for me. tyhicks?
16:35 <tyhicks> I'm on CVE triage
16:36 <tyhicks> I may try to make some changes to the CVE triage utilities to match a new workflow that we identified/discussed at the rally last week
16:36 <jdstrand> oh I forget one:
16:36 <tyhicks> I'm about to test my new fscrypt package that contains the pam module and other new work
16:36 <jdstrand> * miscellaneous policy updates based on last week's sprint feedback
16:37 <tyhicks> I need to work on a one-off CVE reporting script
16:37 <tyhicks> I'll finalize and prepare a PR against snapd for dynamic seccomp logging features
16:37 <tyhicks> I think that's it
16:37 <tyhicks> jjohansen: you're up
16:38 <jjohansen> well I am working on the 4.15 pull request, so that is type splitting and unix domain sockets revisions
16:39 <jjohansen> but I am also going to spend some time helping jdstrand with some sprint prep (a demo)
16:40 <jdstrand> oh, am I demo'ing that?
16:40 <jjohansen> I also need to spend some time reviewing mjg's patches, get the latest revision of the LSM stacking patches to the kt, and clean up said LSM stacking patches and kick them back to Casey for his feedback
16:40 <jdstrand> I thought I was going to help you get a demo together for someone to demo :P
16:41 <jjohansen> jdstrand: uh well that is what I thought was going to happen, /me certainly isn't
16:41 <jdstrand> that can be discussed elsewhere
16:41 <jjohansen> okay, the /me revises to help jdstrand get a demo together for some brave soul to demo
16:42 <jjohansen> thats it for /me, sarnold isn't around today so back to you tyhicks
16:42 <tyhicks> chrisccoulson: you're up
16:43 <chrisccoulson> I've got firefox and chromium updates to test and publish, as well as a thunderbird update to do
16:43 <chrisccoulson> I need to get cargo updated to 0.20 - hoping that will go ok
16:43 <chrisccoulson> and then I'll be working on the apparmor audit change we discussed last week
16:44 <chrisccoulson> oh, I need to prepare a mock up of the start page for will, but that shouldn't take long
16:44 <chrisccoulson> that's me done
16:44 <chrisccoulson> fingers crossed my laptop doesn't die :)
16:44 <ratliff> I'm in the happy place this week.
16:44 <ratliff> I will complete the release audits
16:45 <ratliff> I have a high priority internal task and a few tasks to complete as part of sprint prep.
16:45 <ratliff> on to you, leosilva
16:45 <leosilva> I'm in the happy place this week.
16:46 <leosilva> I'll do the usual hunting pkgs to update, as well I have a dnsmasq to try to update (old code it seems, cross fingers(
16:46 <leosilva> that's it from me.
16:46 <leosilva> tyhicks: it's back to you
16:46 <tyhicks> thanks
16:46 <tyhicks> [TOPIC] Highlighted packages
16:46 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:46 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/not-yet-commons-ssl.html
16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/blueman.html
16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/pycsw.html
16:46 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/yaml-cpp0.3.html
16:47 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/openttd.html
16:47 <tyhicks> [TOPIC] Miscellaneous and Questions
16:47 <tyhicks> Does anyone have any other questions or items to discuss?
16:47 <tyhicks> the next meeting will be in two weeks (Oct 16th)
16:48 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, ChrisCoulson, ratliff, leosilva: Thanks!
16:48 <tyhicks> #endmeeting