#title #ubuntu-meeting Meeting Meeting started by jdstrand at 16:34:03 UTC. The full logs are available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2013/ubuntu-meeting.2013-04-22-16.34.log.html . == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting (jdstrand, 16:34:06) *Announcements *Weekly stand-up report *Highlighted packages ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mongodb.html (jdstrand, 16:54:25) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html (jdstrand, 16:54:28) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html (jdstrand, 16:54:31) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/cowbell.html (jdstrand, 16:54:45) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/falconpl.html (jdstrand, 16:54:49) *Miscellaneous and Questions Meeting ended at 17:05:25 UTC. == Votes == == Action items == * (none) == People present (lines said) == * jdstrand (35) * chrisccoulson (13) * sbeattie (7) * tyhicks (7) * jjohansen (6) * sarnold (5) * meetingology (3) * ubottu (1) == Full Log == 16:34:03 #startmeeting 16:34:03 Meeting started Mon Apr 22 16:34:03 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:34:03 16:34:03 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:34:06 The meeting agenda can be found at: 16:34:06 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:34:10 [TOPIC] Announcements 16:34:32 yo 16:34:45 next week we'll be at a sprint and I believe the current meeting time is in conflict with a meeting at the sprint, so we'll skip 16:35:13 [TOPIC] Weekly stand-up report 16:35:20 I'll go first 16:35:28 install audits went well last week, nothing surprising or particularly important 16:35:36 I'm on triage this week 16:36:02 I've got openjdk-7 updates for this week 16:36:21 also monthly planning (april review, may planning) 16:36:37 and sprint preparation. if there's time, I'll take something off the list 16:36:43 sbeattie: you're up 16:37:05 I'm focused on workitems again this week, on the security-1304-appisolation-example blueprint 16:37:28 I'll specifically be working on the prototype launcher bits 16:37:39 as well as prepping for the sprint 16:37:47 and that's pretty much it for me 16:37:51 tyhicks: you're up 16:38:12 I'm continuing work on the dbus regression tests from last week 16:39:03 then I'll move to ' initial work to query confinement labeling of sender' and 'dbus daemon, pass labeling info on messages so security context can be queried by recipient' 16:39:13 I'll have some sprint prep, too 16:39:16 that's it for me 16:39:21 jjohansen: you're up 16:40:38 I'll be running around in panic, err that is prepping for the sprint too 16:40:39 I have some bugs to finish chasing down, and then I'll be back to working on signals and other bits of ipc 16:41:36 jjohansen: what are those bugs in? 16:42:28 jdstrand: good question, I chased one down to my kernel, one to the library and I think one is in dbus, I need to verify that and if so I'll pull tyhicks in 16:42:52 heh, ok 16:42:59 jdstrand: oh! I should have said dev bugs :) 16:43:31 thats it from me sarnold your up 16:44:04 I'm working on the mysql update today, hoping to finish testing on it late today (those tests are immensely long, sheesh) 16:44:13 probably publishing tomorrow 16:45:28 when I'm done with that, I'll look at bouncy castle, and if there's any time left, I may give a follow-up audit to one of the packages I NAKd for the forums; the company was kind enough to send me another version for review after fixing my previous complaints. (woo) 16:45:48 I'm also on community :) 16:45:56 that's it for me, chrisccoulson, your turn 16:46:07 hi :) 16:47:20 so, i spent a bit of time investigating one of the regressions that appeared in firefox 20. got a good handle on that now, but not sure there's much more we can do with it for now 16:47:51 chrisccoulson: what is the regression? 16:48:06 jdstrand, https://bugzilla.mozilla.org/show_bug.cgi?id=858782 16:48:08 Mozilla bug 858782 in Extension Compatibility "crash in uGlobalMenuDocListener::DoHandleMutations with GlobalMenu on Ubuntu" [Critical,New] 16:48:31 i'm a bit concerned that if i fix the crash in our addon code, i'll just push the problem elsewhere 16:48:45 (see the last comment) 16:49:24 huh, interesting 16:49:41 yeah, i wonder if this has the potential to cause other problems 16:50:34 I guess we'll see what upstream says? 16:50:47 yeah, i'm waiting for them to comment now 16:51:18 also, did some more work with chromium testing. trying to figure out if there's a way to make the installed test suite smaller (each test binary effectively links in a copy of the browser) 16:51:47 we also resolved some confusion regarding qtscript/webkit/v8/JSC :) 16:52:59 and i'm currently trying to figure out why >100 firefox tests started failing over the weekend :( 16:53:36 actually, make that nearly 200 ;) (191 to be exact) 16:53:48 i think that's me done 16:54:08 [TOPIC] Highlighted packages 16:54:10 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:54:15 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:54:25 http://people.canonical.com/~ubuntu-security/cve/pkg/mongodb.html 16:54:28 http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html 16:54:31 http://people.canonical.com/~ubuntu-security/cve/pkg/mc.html 16:54:45 http://people.canonical.com/~ubuntu-security/cve/pkg/cowbell.html 16:54:49 http://people.canonical.com/~ubuntu-security/cve/pkg/falconpl.html 16:54:59 [TOPIC] Miscellaneous and Questions 16:56:39 I have one, jjohansen, sbeattie and tyhicks> can you comment on http://status.ubuntu.com/ubuntu-raring/canonical-security-ubuntu-13.04-month-6.html? I need to prepare the monthly work items status for tomorrow. are we on track to be done by friday/tuesday? 16:57:23 for /me friday - no, tuesday maybe 16:57:34 jjohansen, sbeattie, tyhicks> and it you haven't already, can you update your work items 16:57:42 jdstrand: sure 16:58:01 jdstrand: 'dbus - update aa-logparser, including test' is not likely for Friday, but Tuesday is still a possibility 16:58:24 I think everything else is still on track for me 17:00:28 I'm not liking how I need to give a status update a week early... I will have to discuss that and/or modify our planning 17:01:01 sbeattie: are you on track to be done friday/tuesday? 17:01:30 jdstrand: yeah 17:01:36 ok cool 17:02:09 Does anyone have any other questions or items to discuss? 17:05:23 sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks! 17:05:25 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)