16:38 #startmeeting 16:38 Meeting started Mon Mar 19 16:38:18 2018 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:38 16:38 Available commands: action commands idea info link nick 16:38 The meeting agenda can be found at: 16:38 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:38 [TOPIC] Announcements 16:38 The generalist role rotation for this week as follows: 16:38 CVE Triage: sarnold, Bug Triage: ratliff, Community: sbeattie, Happy Place: mdeslaur, leosilva 16:38 We've had several contributions since the last meeting: 16:38 Simon Deziel provided debdiffs for xenial-artful for tor (LP: #1731698) 16:38 Launchpad bug 1731698 in tor (Ubuntu Artful) "[SRU] Tor 0.2.9.14 and 0.3.0.13" [Undecided,Fix released] https://launchpad.net/bugs/1731698 16:38 Philip Rinn provided a debdiff for artful for qtpass (LP: #1747954) 16:38 Launchpad bug 1747954 in qtpass (Ubuntu) "qtpass generates possibly predictable and enumerable passwords" [Undecided,Fix released] https://launchpad.net/bugs/1747954 16:38 Emmet Hikory (persia) provided debdiffs for xenial-artful for mosquitto (LP: #1752591) 16:38 Launchpad bug 1752591 in mosquitto (Ubuntu Bionic) "CVE-2017-7651 and CVE-2017-7652" [Undecided,Fix released] https://launchpad.net/bugs/1752591 16:39 Thanks to the three of you for your assistance in keeping Ubuntu users secure! :) 16:39 Finally, a personal announcement: 16:39 This is my last day on the Ubuntu Security Team :/ 16:39 I'll be moving over to the kernel team but will still have a large focus on security 16:39 The security team is a group of talented and wonderful people and I'll miss working so closely with all of them on a day to day basis 16:39 [TOPIC] Weekly stand-up report 16:39 jdstrand: you're up 16:39 * jdstrand hugs tyhicks 16:39 * tyhicks hugs jdstrand 16:40 * mdeslaur hugs tyhicks 16:40 * tyhicks hugs mdeslaur 16:40 tyhicks: thanks for all you've done for the team over the years. I look forward to continuing to work closely with you :) 16:40 * mdeslaur throws coffee at kernel team 16:40 :) 16:41 tyhicks: tks for all the fishes and shared knowledged dude 16:41 ok, I'll go now 16:41 thanks leosilva :) 16:41 - short week this week (off Friday) 16:41 - email catchup from last week (tons of email) 16:41 - I'm hesitant to say what I plan to work on this week since I haven't read the snap forum email yet, but can say I plan to be responsive to urgent PR reviews, particularly surrounding 18.04 desktop priorities. I expect reviews for portals, layouts and steam 16:41 - process/prioritize sprint outcomes 16:41 - go down the trello backlog as have time 16:42 that's it from me 16:42 mdeslaur: you're up 16:42 I'm in the happy place this week 16:42 I just published some php updates 16:42 and I'm working on bunch of other stuff, see ppa for goodies 16:42 that's about it 16:42 sbeattie: you're up 16:42 I'm in the community role this week 16:43 I have paramiko and openjdk updates to publish 16:43 I am still working on retpoline backports for gcc-4.6 16:43 I also have some kernel cve triage tasks to catch up on. 16:43 and that will probably consume my week 16:44 tyhicks (for the last time :( ): 16:44 I'm cleaning out my desk and trying to wrap up things 16:45 I just merged apparmor 2.12-4 from Debian 16:45 I'll be looking at a busted autopkgtest in the docker.io package that's preventing apparmor uploads from migrating 16:45 I need to leave one last internal documentation trail 16:46 I think that's about it 16:46 jjohansen: you're up 16:46 I have a short week, I am off tuesday 16:47 I am poking at an LXD issue with apparmor https://github.com/lxc/lxd/issues/4340 16:47 and following up on https://bugs.launchpad.net/bugs/1755563 16:47 Launchpad bug 1755563 in linux (Ubuntu Bionic) "dangling symlinks to loaded apparmor policy" [Medium,Confirmed] 16:48 and I am still working my way through the newest iteration of the LSM stacking patches that dropped last week 16:48 I expect that will take the rest of my week 16:48 sarnold: you're up 16:49 I'm on cve triage this week; I'm still working down the list of MIRs, uvloop is up first 16:50 it's a short week for me, I'm off friday 16:50 that's it for me, chrisccoulson? 16:51 I'm just finishing off rust / cargo updates. I'm also expecting thunderbird updates this week 16:51 Fingers crossed for no other updates 16:51 I also need to start looking at gcc6.4 and node for firefox :( 16:52 :( 16:52 other than that, I've got 2 embargoed issues and one internal thing to work on 16:52 that's me don 16:52 *e 16:52 Emily is out today 16:52 leosilva: you're up 16:53 I'm the happy place 16:53 I'm doing my pkg hunting as usual, that's it from me. 16:53 tyhicks: last time it's back to you :P 16:54 thanks! 16:54 [TOPIC] Highlighted packages 16:54 The Ubuntu Security team suggests that contributors look into merging Debian security updates in community-supported packages. If you would like to help Ubuntu but are not sure where to start, this is a great way to do so. See http://people.canonical.com/~ubuntu-security/d2u/ for available merges and https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details on preparing Ubuntu security 16:54 updates. If you have any questions, feel free to ask in #ubuntu-hardened. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:55 [TOPIC] Miscellaneous and Questions 16:55 Does anyone have any other questions or items to discuss? 16:56 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson, leosilva: Thanks and don't have too much fun without me! 16:56 #endmeeting