#title #ubuntu-meeting Meeting Meeting started by jdstrand at 18:06:51 UTC. The full logs are available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2011/ubuntu-meeting.2011-12-05-18.06.log.html . == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting (jdstrand, 18:07:19) *Announcements *Weekly stand-up report *Highlighted packages ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/cableswig.html (jdstrand, 18:25:10) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/gforge.html (jdstrand, 18:25:12) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/ejabberd.html (jdstrand, 18:25:15) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/opensaml2.html (jdstrand, 18:25:18) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/xmlsec1.html (jdstrand, 18:25:22) *Miscellaneous and Questions Meeting ended at 18:33:20 UTC. == Votes == == Action items == * (none) == People present (lines said) == * jdstrand (46) * mdeslaur (18) * tyhicks (18) * jjohansen (11) * micahg (7) * meetingology (3) == Full Log == 18:06:51 #startmeeting 18:06:51 Meeting started Mon Dec 5 18:06:51 2011 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/AlanBell/mootbot. 18:06:51 18:06:51 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:07:18 The meeting agenda can be found at: 18:07:19 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:07:27 [TOPIC] Announcements 18:07:36 Thanks to the following people who helped Ubuntu Security last week: 18:07:40 * Gabriel A. von Winckler (winckler) for the phpldapadmin debdiffs 18:07:46 * Dominic Hargreaves for the request-tracker3.8 debdiff 18:07:51 * Arnaud Quette (Uzuul) for help in updating the nut qa-regression-testing script (LP: #894476) 18:08:17 Your work is very much appreciated and will keep Ubuntu users secure! :) 18:08:26 [TOPIC] Weekly stand-up report 18:08:31 I'll go first 18:09:06 last week was 'interesting' in that I did quite a bit, but not what I said I would :P 18:09:32 that said, I am in the happy place again and I have several updates I am working on 18:09:54 several MIR audits need to still be done that have been backburnered for too long 18:10:06 assuming I can actually do those things, I will do some work items 18:10:10 mdeslaur: you're up 18:10:35 I'm on community this week 18:11:04 and I have some updates for colord, commons-daemon and dovecot that I need to test and release 18:11:15 besides that, I'm looking into the ffmpeg/libav issues 18:11:29 and will pick up some other stuff from the list 18:11:35 that's it from me 18:11:40 micahg: you're up 18:11:51 * jdstrand guesses he could get more specific: updates are for vsftpd, python-django and quassel 18:13:07 working on updates, patch pilot, planning Firefox rapid release migration for lucid/maverick 18:13:52 also starting to plan for webkit 1.6 migration as well 18:14:06 that's it for me 18:14:10 tyhicks: you're up 18:14:22 I'm in the happy place this week 18:14:26 micahg: 1.6 or 1.8? 18:14:32 * tyhicks waits 18:14:41 mdeslaur: 1.6 first, then 1.8 if we choose that for precise 18:15:03 to clarify: 1.6 in all stable releases 18:15:48 I am currently finishing up testing a fix for a private bug 18:16:05 I need to make some progress on my update queue and I'll probably focus on bzip2 first 18:16:09 mdeslaur: do you have an eta on the 1.8 decision? are you participating in that discussion? 18:16:12 err 18:16:14 micahg: ^ 18:16:34 jdstrand: haven't heard back, will check with the Desktop team this week 18:16:36 tyhicks: didn't mdeslaur take bzip2? 18:16:52 jdstrand: nope - he took it and then gave it back :) 18:16:58 jdstrand: nope 18:17:01 ah, sneaky 18:17:19 So I'll bet there is something exciting waiting there for me ;) 18:17:28 tyhicks: nah 18:17:34 trivial fix 18:17:58 mdeslaur: I do need to coordinate with you regarding the t1lib update 18:18:14 mdeslaur: Shall I run with it from here on? 18:18:38 tyhicks: sure 18:18:51 tyhicks: just make sure I didn't regress anything with the patch 18:19:04 although I don't know how that could happen 18:19:17 mdeslaur: Will do 18:19:31 I need to patch, test, and upstream a fix for the eCryptfs statfs() max filename length reporting bug (LP: #885744) 18:19:49 Finally, I'd like to get a 'make check' set up in ecryptfs-utils for eCryptfs tr 18:20:00 oops... that is "eCryptfs trunk tests" 18:20:08 tyhicks: do you have the patch for that one already? 18:20:15 jjohansen: nope 18:20:26 tyhicks: I might, let me check 18:20:55 ok, great 18:21:17 jjohansen: You're up - that's it for me 18:21:27 This week I will hopefully finish squashing the bugs around aa namespaces and get fake stacking up in a ppa so the server team can start integrating with it. 18:21:27 I also need to testing on the new __d_path api, and once that is settled move apparmor to using it. Oh and write some documentation for them on using it. 18:21:48 jjohansen: did you find a solution to that? 18:21:51 oh and I guess I will try to publish a few kernel usns without breaking things 18:22:07 mdeslaur: yes al viro, created a new api 18:22:19 jjohansen: cool, so we don't lose anything? 18:22:44 mdeslaur: we shouldn't but I haven't tested the api, nor changed the patch to it yet 18:22:51 jjohansen: ok 18:23:22 mdeslaur: if not we do have a fall back that is I think 100% but its a lot more work as it relies on us getting our labeling in shape 18:23:35 hrm 18:23:35 ie. work not planned for this cycle 18:23:51 * mdeslaur crosses fingers 18:23:53 * jdstrand keeps fingers and toes crossed 18:23:53 oh, and not on disk labeling 18:24:23 thats it from me 18:24:35 [TOPIC] Highlighted packages 18:24:47 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:24:54 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:25:10 http://people.canonical.com/~ubuntu-security/cve/pkg/cableswig.html 18:25:12 http://people.canonical.com/~ubuntu-security/cve/pkg/gforge.html 18:25:15 http://people.canonical.com/~ubuntu-security/cve/pkg/ejabberd.html 18:25:18 http://people.canonical.com/~ubuntu-security/cve/pkg/opensaml2.html 18:25:22 http://people.canonical.com/~ubuntu-security/cve/pkg/xmlsec1.html 18:25:57 opensaml2 and xmlsec1 should only need a merge from Debian per http://people.canonical.com/~ubuntu-security/d2u/ 18:26:19 [TOPIC] Miscellaneous and Questions 18:26:26 I have one thing 18:27:10 last week I did a work items analysis which culminated in http://people.canonical.com/~jamie/wi/precise-canonical-security.html 18:27:52 that page is rough, but it gives a percent completed and sums the days we initially estimated to complete the work 18:28:11 nice! 18:28:19 because we commit to essential and try hard to get all our high work items, there are separate stats for them 18:28:51 jdstrand: I think I spot a small mistake in my row 18:28:55 it should also be updated automatically via cron based on the work items tracker output 18:29:11 tyhicks: I don't doubt it :) let's talk after the meeting 18:29:15 sounds good :) 18:29:28 so, the is preliminary of course 18:30:03 but in general, I think looking at essential and high, the work is properly loaded 18:30:25 we can discuss specifics in #ubuntu-hardened after the meeting if there aer questions 18:30:45 Does anyone have any other questions or items to discuss? 18:31:23 'work is properly loaded' sounds funny. I should say 'the work load is correctly distributed' 18:33:16 ok, thanks everybody! 18:33:20 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/AlanBell/mootbot)