#ubuntu-meeting log

18:02:29 <jdstrand> #startmeeting
18:02:30 <meetingology> Meeting started Mon Jul 23 18:02:29 2012 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
18:02:30 <meetingology> 
18:02:30 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
18:02:38 <jdstrand> The meeting agenda can be found at:
18:02:39 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
18:02:47 <jdstrand> [TOPIC] Weekly stand-up report
18:02:50 <jdstrand> I'll go first
18:03:24 <jdstrand> I will actually not have a short week this week :)
18:03:31 <jdstrand> I'm on communuity
18:03:37 <jdstrand> am patch piloting today
18:03:42 <jdstrand> have some pending updates
18:03:55 <jdstrand> and will be reviewing webkit maintenance a bit
18:04:00 <jdstrand> mdeslaur: you're up
18:04:07 <mdeslaur> I'm in the happy place this week
18:04:14 <mdeslaur> I've got a libexif update coming out in a few minutes
18:04:28 <mdeslaur> and have an embargoed issue (or two) that I need to work on this week
18:04:41 <mdeslaur> and I've worked on "uvt", the python replacement for vmtools
18:04:46 <sbeattie> \o/
18:04:53 <mdeslaur> I still have a couple of commands to implement before marking off the work item
18:05:08 <mdeslaur> I should be done with them today or tomorrow
18:05:15 <mdeslaur> and after that, I'll pick some CVEs in the list
18:05:31 <mdeslaur> we have a _lot_ of open CVEs, so we need to be picking stuff up
18:05:35 <mdeslaur> that's it from me
18:05:37 <mdeslaur> sbeattie: you're up
18:05:48 <sbeattie> I'm in the happy place this week
18:06:03 <sbeattie> I've currently working on an embargoed issue
18:06:55 <sbeattie> I'm also poking at a possible regression from the openjdk backports I did around JNI in lucid (LP: #1027122)
18:07:26 <sbeattie> jjohansen handed me what he had for dbus/apparmor, so I'll be poking at that as well
18:07:47 <sbeattie> otherwise, I'll try to pick up a CVE or two as well
18:08:02 <sbeattie> that's all I've got; micahg, you're up
18:09:22 <micahg> This week I'm starting the staged rollout of webkit updates to the stable releases, tomorrow, precise-proposed will get 1.8.1 and if there aren't any significant increases in crashes, I'll push that to everyone late Thursday (or Monday if people think that's better)
18:09:46 <jdstrand> \o/
18:09:58 <micahg> with the rest of the releases hopefully getting to their respective -proposed repo by the end of next week
18:10:15 * jdstrand guesses monday would be best. it is already late so don't cause potential extra work over the weekend
18:10:28 <micahg> ok
18:12:02 <micahg> that's basically it aside from watching for any issues with the Mozilla updates (have been skimming the bugmail to notify tyhicks if need be), all seems fine
18:12:45 <jdstrand> tyhicks: you're up
18:13:00 <micahg> oh, right, and trying to process all the mail about thunderbird's future, I hope to have something drafted over the next week or 2
18:13:06 <micahg> jdstrand: he's off today :)
18:13:12 <jdstrand> ah
18:13:17 <jdstrand> jjohansen: you're up
18:13:24 <jdstrand> tyhicks: nm
18:13:46 <jdstrand> bzr diff
18:13:49 <jdstrand> meh
18:14:32 <jjohansen> so I need to finish getting dbus stuff to sbeattie, I actually didn't give him the kernel bits yet, and the parser bits don't apply (though I may let him have a crack at fixing that)
18:15:24 <jjohansen> I have some more kernel QRT fallout to look at this week, not sure what it is yet just saw the request (/me is suspecting more arm failures)
18:16:25 * jjohansen needs to finish up on the rcu locking rework to fix deadlocking issues in the current apparmor patchset so I can push those out to the list
18:17:01 <jdstrand> jjohansen: is that due to upstream churn?
18:18:48 * jdstrand assumes so
18:18:56 <jjohansen> jdstrand: no, its due to us doing more and being forced to do GFP_KERNEL allocations indirectly in places where locks are held.  This can cause sleeping at those points but with the way our locking works and the LSM hooks this effectively blocks all execs and several other operations causing system deadlocks
18:19:23 <jdstrand> jjohansen: oh, so this affects current kernels?
18:19:36 <jjohansen> jdstrand: no just the dev stuff
18:19:50 <jdstrand> jjohansen: part of getting rid of the compat work?
18:20:16 <jjohansen> jdstrand: not just the compat, its needed for stacking and labeling too
18:20:22 <jdstrand> ok
18:20:26 <jdstrand> jjohansen: anything else?
18:20:26 <jjohansen> basically an extra prereq
18:21:08 <jjohansen> hrmm well I plan to review the R stuff floated on the list
18:21:19 <jjohansen> oh and I have some 3.5 testing
18:22:08 * jjohansen pushed the compat patches for 3.5 but hasn't actually built or tested against upstream 3.5
18:22:17 <jjohansen> but that is minor
18:22:23 <jjohansen> jdstrand: thats it back to you
18:22:38 <jdstrand> thanks
18:22:44 <jdstrand> [TOPIC] Highlighted packages
18:22:49 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
18:22:53 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
18:22:59 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/nusoap.html
18:23:03 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/phppgadmin.html
18:23:06 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libfile-temp-perl.html
18:23:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mplayer2.html
18:23:13 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/tangerine.html
18:24:15 <jdstrand> [TOPIC] Miscellaneous and Questions
18:24:30 <jdstrand> There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application.
18:24:41 <jdstrand> Does anyone have any other questions or items to discuss?
18:32:55 <jdstrand> mdeslaur, sbeattie, micahg, jjohansen: thanks
18:32:58 <jdstrand> #endmeeting