== Meeting information == * #ubuntu-meeting Meeting, 15 Jun at 16:33 — 17:00 UTC * Full logs at [[http://ubottu.com/meetingology/logs/ubuntu-meeting/2015/ubuntu-meeting.2015-06-15-16.33.log.html]] == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting === Announcements === The discussion about "Announcements" started at 16:33. === Weekly stand-up report === The discussion about "Weekly stand-up report" started at 16:33. === Highlighted packages === The discussion about "Highlighted packages" started at 16:57. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/ltp.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libcgi-application-perl.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/gif2png.html * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/openvswitch.html === Miscellaneous and Questions === The discussion about "Miscellaneous and Questions" started at 16:58. * ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libphp-adodb.html == Vote results == == Done items == * (none) == People present (lines said) == * tyhicks (38) * jjohansen (13) * mdeslaur (6) * jdstrand (6) * sbeattie (6) * sarnold (5) * chrisccoulson (4) * ubottu (3) * meetingology (3) == Full Log == 16:33 #startmeeting 16:33 Meeting started Mon Jun 15 16:33:03 2015 UTC. The chair is tyhicks. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:33 16:33 Available commands: action commands idea info link nick 16:33 o/ 16:33 The meeting agenda can be found at: 16:33 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:33 [TOPIC] Announcements 16:33 Thanks to LocutusOfBorg for help on security updates for the community supported gnutls28 (LP: #1326779) last week. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :) 16:33 Launchpad bug 1326779 in gnutls28 (Ubuntu) "libgnutls28 appears to not have been updated for CVE-2014-3466 in Trusty" [Critical,Fix released] https://launchpad.net/bugs/1326779 16:33 [TOPIC] Weekly stand-up report 16:33 jdstrand: you're up 16:34 hello 16:34 I have two embargoed issues I am working on 16:34 work planning with tyhicks 16:34 if those don't consume all of my time, finally start on seccomp policy regeneration on upgrade 16:35 and keep working on security update processes for readonly images 16:35 mdeslaur: you're up 16:35 I'm working on wpa updates 16:35 and an embargoed issue 16:35 and will be going down the list after that 16:35 I'm on bug triage this week too 16:35 that's it for me, sbeattie, you're up 16:36 I'm on CVE triage this week 16:37 The trusty apparmor SRU just needs to be promoted to trusty-updates, I am prodding the SRU team to do that. 16:37 nice 16:38 nice :) thanks! 16:38 I'm going to work on the gcc-pie stuff next, while looking at some more of the apparmor patches that have accumulated in the meantime. 16:38 And that will probably consume my week 16:38 tyhicks: you're up 16:39 I'm in the happy place this week 16:39 I am working on an embargoed item 16:39 I need to finish up my patch update testing and publish those updates 16:40 continue apparmor list communications to identify and finish up the final patches for the 2.10 release 16:40 that's it for now 16:40 jjohansen: you're up 16:41 I am going to be finishing up my dconf review and spending some time discussing that 16:42 that is dconf apparmor work 16:42 I need to do what ever is needed to help push through the caching api patches 16:43 I have some revision to do on a couple patches for 2.10 16:44 I need to open up the start of the next kernel update cycle 16:44 I have the backport for bug 1460152 to finish up and test 16:45 bug 1460152 in Snappy "apparmor cache not updated when apparmor.d rules change (breaks 15.04/stable -> 15.04/edge updates)" [Critical,In progress] https://launchpad.net/bugs/1460152 16:46 I have an apparmor kernel bug (that I have lost atm) to triage 16:47 I have a few patches to push out to the kernel team 16:47 a small pull request to pull together and send upstream 16:48 and then perhaps I can get back to the rest of the upstream cleanup 16:48 lots of stuff on your todo list this week 16:48 too much, probably 16:48 once I get through some of mine, I'll check in to see if I can help out 16:48 yeah, just thinking the same. 16:49 jjohansen: should I take over the backporting for bug 1460152? 16:49 bug 1460152 in Snappy "apparmor cache not updated when apparmor.d rules change (breaks 15.04/stable -> 15.04/edge updates)" [Critical,In progress] https://launchpad.net/bugs/1460152 16:49 I'm now very familiar with that part of the parser 16:49 heh 16:50 tyhicks: nah, I am basically done with it, there is a bit I need to figure out/verify but was feeling too stupid at 3am this morning. You can review and test if you want 16:50 ok 16:50 then maybe I can help with the ubuntu kernel pull requests 16:50 we'll talk about it later 16:50 tyhicks: sure 16:51 sarnold: go ahead 16:51 I'm on community this week; I'm also going to brain-dump what I learned working with canonistack, I think I'm nearing the end of the openstack issues re-triaging, and will return to MIR auditing 16:51 I'll also try to pick up an apparmor patch review here or there 16:52 I think that's it for me, chrisccoulson? 16:52 does that mean we're getting openstack updates soon? 16:52 This week, I'll be spending some time getting through code reviews 16:53 mdeslaur: it doesn't 16:53 mdeslaur: I think someone else (possibly me) will try to pick them up after the brain dump 16:54 I'll also be picking off other bugs on https://launchpad.net/oxide/+milestone/branch-1.9, although I'm not sure which ones I'll do this week yet 16:54 And I also plan to get ubufox in to a reviewable state so that we can get it signed 16:56 I think that's me done 16:57 thanks 16:57 [TOPIC] Highlighted packages 16:57 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 16:57 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 16:57 http://people.canonical.com/~ubuntu-security/cve/pkg/ltp.html 16:58 http://people.canonical.com/~ubuntu-security/cve/pkg/libcgi-application-perl.html 16:58 http://people.canonical.com/~ubuntu-security/cve/pkg/gif2png.html 16:58 http://people.canonical.com/~ubuntu-security/cve/pkg/openvswitch.html 16:58 [TOPIC] Miscellaneous and Questions 16:58 http://people.canonical.com/~ubuntu-security/cve/pkg/libphp-adodb.html 16:58 Does anyone have any other questions or items to discuss? 17:00 jdstrand, mdeslaur, sbeattie, jjohansen, sarnold, ChrisCoulson: Thanks! 17:00 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)