#ubuntu-meeting log

16:36 <tyhicks> #startmeeting
16:36 <meetingology> Meeting started Mon Nov 13 16:36:01 2017 UTC.  The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
16:36 <meetingology> 
16:36 <meetingology> Available commands: action commands idea info link nick
16:36 <tyhicks> The meeting agenda can be found at:
16:36 <tyhicks> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
16:36 <tyhicks> [TOPIC] Weekly stand-up report
16:36 <tyhicks> jdstrand: you're up
16:36 <leosilva> o/
16:39 <tyhicks> mdeslaur: go ahead and we'll circle back to jdstrand
16:39 <mdeslaur> I'm on community this week
16:40 <mdeslaur> I have a bunch of security fake syncs to do from debian
16:40 <mdeslaur> and I need to release some postgresql updates
16:40 <mdeslaur> I'll pick something up from the list after that
16:40 * jdstrand is here now
16:40 <mdeslaur> I also have to see why none of my bionic packages are migrating
16:40 <mdeslaur> autopkgdos
16:40 <mdeslaur> that's about it, jdstrand, you're up
16:40 <jdstrand> hi!
16:41 <jdstrand> This week I plan to:
16:41 <jdstrand> * perform snapd reviews. A lot came in last week and I suspect this will take most of my time. This includes, but is not limited to, reviews pertaining to layouts
16:41 <jdstrand> * pickup the ssh/gpg interfaces PR since I recently got feedback on it
16:41 <jdstrand> * investigate/implement proper fix for hotplugged devices not being added to device cgroup (mir input forum issue)
16:41 <jdstrand> * pickup uid/gid work as have time (though I don't expect to get to it)
16:41 <jdstrand> that's it from me. sbeattie, you're up
16:41 <sbeattie> I'm on bug triage this week
16:42 <sbeattie> I'm researching doing cve triage and notifications for snaps
16:42 <sbeattie> I have some upstream apparmor work to do
16:43 <sbeattie> I'll also have the usual kernel cve triage bits, as well as a potential openjdk-7 update to publish
16:43 <sbeattie> that's probably it for me. tyhicks?
16:43 <jdstrand> mdeslaur: re dd> that is what I thought, but ps didn't show that, so, weird (maybe I did it too late and after dd was done)
16:43 <jdstrand> also, why did I bring that up in this channel?
16:43 <jdstrand> I expect answers :P
16:44 <tyhicks> I'm on CVE triage this week
16:44 <tyhicks> I have an embargoed issue
16:44 <tyhicks> I need to get final clarification on AppArmor audit even ID numbers so that chrisccoulson can begin work on that
16:45 <mdeslaur> jdstrand: oh, actually, it doesn't use dd, I reimplemented the same thing dd basically does in the dbus service
16:45 <mdeslaur> jdstrand: sorry, it was a while ago
16:45 <tyhicks> and I'll be working on squashfs reproduceability
16:45 <tyhicks> that's it for me
16:45 <tyhicks> jjohansen: you're up
16:45 <jdstrand> mdeslaur: I totally forgot you did anything with usb creator :)
16:45 <jjohansen> I am working on getting together the 4.15 apparmor pull
16:45 <mdeslaur> jdstrand: me too :)
16:45 <jdstrand> hehe
16:46 <tyhicks> ah, I have to send the 4.15 ecryptfs pull request but the hard work is already done
16:46 * jdstrand has a question for jjohansen when he's done
16:46 <jjohansen> I have a couple of bugs, I am looking at that I would like to get in
16:47 <jjohansen> I have to get out the policy versioning proposal
16:47 <jjohansen> I have some more LSM stacking work/replies to do
16:47 <jjohansen> and I really need to get a pass done on the mount rework, that I promised to look at more than a month ago
16:48 <jjohansen> thats is more than enough for the week
16:48 <jjohansen> jdstrand: your Q?
16:48 <jdstrand> jjohansen: I just wanted to make sure you saw https://forum.snapcraft.io/t/snapd-2-27-6-2-in-debian-sid-blocked-on-apparmor-in-kernel-4-13-0-1/2813. upstream 4.13 in Debian is denying something that 4.13 Ubuntu does not seem to be
16:49 <jdstrand> so, perhaps add that to your list of bugs to investigate? if you need me to help with it, let me know (we don't have to discuss here)
16:50 <jjohansen> jdstrand: ack, I haven't looked at that so it can go on the list
16:50 <jjohansen> tyhicks: back to you
16:51 <tyhicks> sarnold: go ahead
16:51 <sarnold> niemeyer's conclusions about what should and should not require ptrace isn't really a bug -- the kernel will call resources by whatever names it pleases.
16:51 <jdstrand> sure
16:51 <sarnold> I'm in the happy place this week, working on an embargoed code review; it's large enough project that it could realistically grow to consume the whole week unless there's other priorities
16:52 <sarnold> I'll alsotry to be responsive to apparmor patches
16:52 <jdstrand> my point is that there is a difference between 4.13/upstream and 4.13/ubuntu
16:52 <sarnold> and that's a fine point to make :) hehe
16:52 <jdstrand> :)
16:53 <sarnold> I think that's it for me, chrisccoulson?
16:53 <leosilva> I think he's on the dentist, no?
16:53 <ratliff> chrisccoulson is away for now, so I'll go ahead
16:54 <ratliff> I'm in the happy place this week.
16:54 <ratliff> I will be entirely consumed by internally focused work.
16:54 <ratliff> on to you, leosilva
16:54 <leosilva> I'm the happy place this week :)
16:54 <leosilva> I have perl update to finish for esm.
16:54 <leosilva> After that I will hunting again.
16:54 <leosilva> that's it for me,
16:55 <tyhicks> thanks
16:55 <leosilva> tyhicks: it's back to you
16:55 <tyhicks> [TOPIC] Highlighted packages
16:55 <tyhicks> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
16:55 <tyhicks> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/sanlock.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/zope2.13.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/flatnuke.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/gnome-shell.html
16:55 <tyhicks> https://people.canonical.com/~ubuntu-security/cve/pkg/node-moment.html
16:55 <tyhicks> [TOPIC] Miscellaneous and Questions
16:55 <tyhicks> Does anyone have any other questions or items to discuss?
16:57 <tyhicks> jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, ratliff, leosilva: Thanks!
16:57 <tyhicks> #endmeeting