#title #ubuntu-meeting Meeting

Meeting started by jdstrand at 16:31:25 UTC.  The full logs are
available at
http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-04-15-16.31.log.html
.



== Meeting summary ==

''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting   (jdstrand, 16:31:49)
 *Announcements

 *Weekly stand-up report
''LINK:'' https://bugzilla.mozilla.org/show_bug.cgi?id=858782 also appeared, but i've no idea what is happening there. if any of you use google docs and can recreate it, please let me know ;)  (chrisccoulson, 16:55:38)

 *Highlighted packages
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html   (jdstrand, 17:00:22)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/jenkins-winstone.html   (jdstrand, 17:00:25)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html   (jdstrand, 17:00:29)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/spice-gtk.html   (jdstrand, 17:00:32)
''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg.html   (jdstrand, 17:00:35)

 *Miscellaneous and Questions



Meeting ended at 17:17:49 UTC.



== Votes ==




== Action items ==

 * (none)



== People present (lines said) ==

 * jdstrand (62)
 * sbeattie (21)
 * tyhicks (21)
 * mdeslaur (13)
 * chrisccoulson (11)
 * jjohansen (9)
 * sarnold (7)
 * meetingology (3)
 * ubottu (2)



== Full Log ==


 16:31:25 <jdstrand> #startmeeting

 16:31:25 <meetingology> Meeting started Mon Apr 15 16:31:25 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.

 16:31:25 <meetingology> 

 16:31:25 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired

 16:31:48 <jdstrand> The meeting agenda can be found at:

 16:31:49 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting

 16:31:59 <jdstrand> [TOPIC] Announcements

 16:32:02 <jdstrand> (none this week)

 16:32:10 <jdstrand> [TOPIC] Weekly stand-up report

 16:32:13 <jdstrand> I'll go first

 16:32:24 <jdstrand> I'm on community this week

 16:33:07 <jdstrand> I have more requirements gathering, planning and communications of our plans to do

 16:33:17 <jdstrand> I also have to finish up performance reviews

 16:33:26 <jdstrand> there are a couple audits to finish

 16:33:43 <jdstrand> and I will be working on two embargoed updates

 16:34:49 <jdstrand> that's it for me

 16:34:52 <jdstrand> mdeslaur: you're up

 16:34:59 <mdeslaur> I'm in the happy place this week

 16:35:08 <jdstrand> you bet you are! :P

 16:35:13 <sbeattie> hehe

 16:35:13 <mdeslaur> and I only have two days...wednesday I'm on vacation

 16:35:18 <mdeslaur> jdstrand: hehe :)

 16:35:35 <mdeslaur> (on vac until the 29th

 16:35:55 <mdeslaur> I'm currently writing a test script for haproxy, which I'll likely release this afternoon or tomorrow

 16:36:09 <mdeslaur> and am working on an embargoed issue to hand off to one of the non-vacationing suckers

 16:36:18 <mdeslaur> and, that's it from me.

 16:36:20 <mdeslaur> sbeattie: you're up

 16:36:23 <jdstrand> fyi, I forgot one-- hope to do install audits this week too

 16:36:33 <sbeattie> ah cool

 16:36:46 <sbeattie> I'm working on apparmor work items again this week.

 16:37:25 <sbeattie> I'm continuing to write some example clients for confinement, wrote a couple of qml demos last week.

 16:37:40 <sbeattie> will need to put some automation around them as well.

 16:37:52 <mdeslaur> sbeattie: could you stick those in a bzr tree somewhere?

 16:38:09 <jdstrand> sbeattie: re automation, what are you thinking, for automatic testing?

 16:38:34 <sbeattie> jdstrand: yeah, for automatic testing, as much as possible.

 16:38:49 <sbeattie> drag-n-drop stuff may be harder to automate.

 16:39:08 <sbeattie> mdeslaur: https://code.launchpad.net/~sbeattie/+junk/apparmor-examples

 16:39:18 <jdstrand> sbeattie: cool-- though aiui, having automatic testing is not in scope for this month per se.

 16:39:26 <mdeslaur> sbeattie: ah! cool

 16:39:53 <jdstrand> sbeattie: obviously we want it-- what are you thinking about in terms of scheduling that work?

 16:40:28 <sbeattie> jdstrand: uhh, hadn't really decided on anything concrete for schedule.

 16:40:34 <jdstrand> ok

 16:40:55 <sbeattie> jdstrand: was expecting to coordinate that with you/the team

 16:41:10 <jdstrand> sbeattie: basically my questons are coming from the palce of 'let's focus on what we said we would focus on, but if we have to adjust, let's talk about it'

 16:41:15 <sbeattie> okay

 16:41:25 <jdstrand> so yeah, talking later is fine

 16:41:44 <sbeattie> anyway, that's pretty much it for me.

 16:41:59 <sbeattie> tyhicks: you're up

 16:42:09 <tyhicks> I'm working on https://blueprints.launchpad.net/ubuntu/+spec/security-1304-appisolation-dbus this week

 16:42:23 <tyhicks> Still wrapping up the dbus parser tests item

 16:42:42 <tyhicks> Last week while writing parser tests, I ran across some parser bugs

 16:42:59 <tyhicks> Those are fixed now and I'm back to improving the tests

 16:43:27 <tyhicks> then I'll move on to "dbus daemon - regression tests" and then to "dbus daemon, pass labeling info on messages so security context can be queried by recipient"

 16:43:53 <tyhicks> eCryptfs prep work for the kernel merge window stole some time from me last week but that is now all done

 16:44:06 <tyhicks> so my sole focus will be on aa work items this week

 16:44:07 <sbeattie> tyhicks: did you push your tests anywhere?

 16:44:31 * jdstrand is happy to hear that we are finding and fixing bugs when writing our tests :)

 16:44:38 <sbeattie> indeed!

 16:44:54 <tyhicks> sbeattie: not yet, when I fully complete that work item the tests will live in the apparmor package of the dbus-dev ppa

 16:45:18 <sbeattie> tyhicks: okay, just wondered if you wanted any feedback/review of them...

 16:45:42 <tyhicks> I also did a lot of work (still pending upload) on fixing up the patches in the dbus-dev apparmor package so that the patches will be easier to send upstream

 16:45:56 <tyhicks> sbeattie: I will want some feedback for sure. I'll send them to the list.

 16:46:01 <tyhicks> that's it for me

 16:46:05 <tyhicks> jjohansen: you're up

 16:46:16 <sbeattie> tyhicks: thanks

 16:46:25 <jjohansen> I'll be continuing to work on https://blueprints.launchpad.net/ubuntu/+spec/security-1304-appisolation-signals-ipc-ptrace

 16:46:25 <jjohansen> Mostly it should be work around sockets (labeling, passing them, etc)

 16:46:25 <jjohansen> I will also need to spend some time pushing some patches to the upstream security tree so they are there for when the merge window opens

 16:46:57 <jdstrand> tyhicks: regarding upstreamifying-- is that DBus upstreaming, apparmor, kernel, or some combination?

 16:47:24 <jjohansen> jdstrand: kernel - ecryptfs work

 16:47:31 <tyhicks> jdstrand: apparmor

 16:47:49 <jjohansen> tyhicks: oh?

 16:48:21 <tyhicks> the patches against the apparmor package were piling up and it was going to be a pain to get them all in order and broken down for upstreaming

 16:48:21 <jdstrand> tyhicks: as in, making them easily digestible for the list?

 16:48:26 <tyhicks> jdstrand: exactly

 16:48:38 <tyhicks> just a little tidying up before things got too ugly

 16:48:41 <jjohansen> ah

 16:49:38 <jdstrand> jjohansen: curious-- what are you snding to the upstream security tree?

 16:50:16 <jjohansen> jdstrand: about the first 20 patches from the queue that have been reviewed. Its all the base code cleanups and bug fixes

 16:50:26 <jdstrand> neat

 16:51:13 <jjohansen> sarnold: your up

 16:51:23 <sarnold> I'm on triage this week

 16:51:50 <sarnold> I'm finishing up curl publication today, and I'm liable to ask jdstrand if I can take one of his MIR audits

 16:52:23 <sarnold> I'd like to get around to fixing up my juju charms, but that might take a back burner again to doing another update

 16:52:42 <mdeslaur> sarnold: if you're up to a challenge, you can try and take the bouncycastle update

 16:52:47 <jdstrand> sarnold: actually one is a MIR audit (ie, not security audit) and the other I'm putting in that category-- it is about the scopes privacy

 16:52:48 <mdeslaur> sarnold: java backporting fun

 16:52:55 <sarnold> mdeslaur: that -is- a challenge :)

 16:53:09 <jdstrand> sarnold: actually, it might not be a bad idea to get some help there

 16:53:10 <sarnold> .. with all the goodness of inexplicable crypto goo :)

 16:53:15 <jdstrand> sarnold: but we'll talk later

 16:53:42 <sarnold> cool :)

 16:54:02 <sarnold> chrisccoulson: your turn :)

 16:54:09 <chrisccoulson> yoyoyo

 16:54:20 <chrisccoulson> i got a flash update out last week

 16:54:48 <chrisccoulson> also fixed an arm crash in chromium (waiting on testing feedback from the ufa guys, but it works here)

 16:55:03 <chrisccoulson> fixed https://bugzilla.mozilla.org/show_bug.cgi?id=858670, which appeared in the ff20 update

 16:55:04 <ubottu> Mozilla bug 858670 in Extension Compatibility "crash in uGlobalMenuObject::ShouldShowIcon with GlobalMenu on Ubuntu" [Critical,New]

 16:55:38 <chrisccoulson> https://bugzilla.mozilla.org/show_bug.cgi?id=858782 also appeared, but i've no idea what is happening there. if any of you use google docs and can recreate it, please let me know ;)

 16:55:39 <ubottu> Mozilla bug 858782 in Extension Compatibility "crash in uGlobalMenuDocListener::DoHandleMutations with GlobalMenu on Ubuntu" [Critical,New]

 16:56:37 <chrisccoulson> did a bit more with chromium automated testing. discovered that gtest can already  produce junit formatted test results, which is a great help

 16:57:22 <chrisccoulson> i'll hopefully be done with updates / chromium etc this week, so i can start on other things i'm meant to be looking at :)

 16:57:32 <jdstrand> nice

 16:57:36 <jdstrand> (junit)

 16:57:53 <jdstrand> well all of it, but you know, that goes for everyone :)

 16:58:22 <chrisccoulson> yeah, unfortunately, i discovered it created junit results after i started writing code to parse the results and convert them ;)

 16:58:28 <chrisccoulson> (like we're doing for firefox already)

 16:59:17 <jdstrand> heh

 16:59:27 <jdstrand> chrisccoulson: did you have more?

 16:59:38 <chrisccoulson> no, that's me done i think

 16:59:56 <jdstrand> chrisccoulson: (fyi, since you're last, you can say 'back to you jdstrand or something :)

 17:00:05 <chrisccoulson> sure, no problem

 17:00:07 <jdstrand> [TOPIC] Highlighted packages

 17:00:10 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.

 17:00:15 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.

 17:00:22 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/gpw.html

 17:00:25 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/jenkins-winstone.html

 17:00:29 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/policycoreutils.html

 17:00:32 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/spice-gtk.html

 17:00:35 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/openjpeg.html

 17:00:55 <jdstrand> [TOPIC] Miscellaneous and Questions

 17:01:10 <jdstrand> I have one for several of you

 17:01:40 <jdstrand> based on what was said in this meeting, I have a good feeling about progress for the month

 17:01:58 <jdstrand> however, if I look at http://status.ubuntu.com/ubuntu-raring/canonical-security-ubuntu-13.04-month-6.html I have a less good feeling

 17:02:15 <jdstrand> so, I guess, now that we are 2 weeks in to this month, how are the work items going? Are we 50% done? are there problems?

 17:02:52 <jdstrand> jjohansen: ^ we talked about this a bit last week, so afaik, we are slightly behind but aren't worried on our timeline for this month. is that accurate?

 17:03:03 <jjohansen> yes

 17:03:04 <jdstrand> jjohansen: (talking about your work items specifically)

 17:03:21 <tyhicks> I'm not 50% done, but I also haven't been able to spend 100% of my time on the work items

 17:03:33 <tyhicks> I will be able to for the remainder of the month

 17:03:43 <tyhicks> and I'm confident that I can knock off all of my work items by then

 17:03:50 <jdstrand> tyhicks: right..

 17:03:52 <jdstrand> ah, ok

 17:04:00 <jdstrand> sbeattie: how about you? ^

 17:04:18 <sbeattie> sorry, I'm notorious for not updating my workitem entries.

 17:04:50 <jdstrand> well, I was going to end with 'Please update your work items' :)

 17:04:58 <sbeattie> heh

 17:05:12 <sbeattie> but yeah, feeling pretty confident about where things are at.

 17:05:20 <jdstrand> sbeattie: but in a less burndown chart way: are you on track for your work items for the month?

 17:05:22 <tyhicks> forgetting to update the entries is better than not having any updates to make ;)

 17:05:31 <jdstrand> tyhicks: yes!! :)

 17:05:38 <jdstrand> sbeattie: awesome

 17:05:40 <mdeslaur> hehe

 17:06:14 <jdstrand> jjohansen, tyhicks, sbeattie: if you could update this month work items sometime today, that would be great

 17:06:21 <sbeattie> okay

 17:06:23 * tyhicks nods

 17:06:29 <jdstrand> Does anyone have any other questions or items to discuss?

 17:17:46 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks!

 17:17:49 <jdstrand> #endmeeting



Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)