#title #ubuntu-meeting Meeting Meeting started by jdstrand at 18:23:15 UTC. The full logs are available at http://ubottu.com/meetingology/logs/ubuntu-meeting/2012/ubuntu-meeting.2012-05-21-18.23.log.html . == Meeting summary == ''LINK:'' https://wiki.ubuntu.com/SecurityTeam/Meeting (jdstrand, 18:23:21) *Weekly stand-up report *Highlighted packages ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/libspring-java.html (jdstrand, 18:36:35) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/python-tornado.html (jdstrand, 18:36:40) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/drupal6-mod-views.html (jdstrand, 18:36:43) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/dimp1.html (jdstrand, 18:36:46) ''LINK:'' http://people.canonical.com/~ubuntu-security/cve/pkg/pyfribidi.html (jdstrand, 18:36:50) *Miscellaneous and Questions Meeting ended at 18:57:23 UTC. == Votes == == Action items == * (none) == People present (lines said) == * jdstrand (61) * micahg (18) * sbeattie (8) * tyhicks (8) * jjohansen (6) * meetingology (3) * mdeslaur (1) == Full Log == 18:23:15 #startmeeting 18:23:15 Meeting started Mon May 21 18:23:15 2012 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:23:15 18:23:15 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:23:20 The meeting agenda can be found at: 18:23:21 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:23:27 [TOPIC] Weekly stand-up report 18:23:30 I'll go first 18:23:47 I am on triage this week 18:24:12 mdeslaur and I will be finishing the work items review this week 18:24:31 I will be publishing a libxml2 update today or tomorrow 18:24:46 I have several pending updates I am working on 18:24:51 and then an embargoed issue 18:25:41 I'm hitting small work items here and there, and have started ufw python3 port (over the weekend, but may poke at it some this week) 18:26:05 mdeslaur is off today. I know he is working on pending updates. he is in the happy place 18:26:08 sbeattie: you're up 18:26:16 I'm on community this week 18:26:28 I've also got a few updates in progress. 18:27:13 I'm also planning on apparmor work this week. 18:27:21 I think that's it for me. 18:27:28 micahg: you're next 18:28:31 sbeattie: are those apparmor work items, the SRU or some combination? 18:29:26 jdstrand: SRU + work items, yes. 18:29:31 I've got patch piloting today, webkit update for precise this week, apparmor profile fixes for Firefox/Thunderbird (SRU for lucid-precise), will do earlier in the week so as not to block sbeattie, and chromium's build is broke ATM, so I need to dig into that as there's a pending update 18:29:34 awesome, thanks :) 18:30:36 I guess that's it for me 18:30:56 I'm in the happy place this week 18:31:03 It is a short week for me since I'm off Friday 18:31:38 I took on a sudo update and a sudo feature backport last week, so I've still got my eCryptfs work that I planned on doing last week 18:32:30 I imagine that getting caught up on eCryptfs bug fixes and the kernel merge window will soak up most of my week. I've got a few bug fixes that have patches written, I just haven't had a chance to test and push them upstream. 18:32:53 If I do get through all of that early, I've got a pidgin update that is pending in the testing stage. 18:33:02 (I see a reoccuring theme here :) 18:33:11 That's it for me 18:33:17 jjohansen: You're up 18:33:20 * jjohansen needs to work with sbeattie on releasing apparmor 2.8 this week, there are a couple of minor patches to finish up/test finish. /me also needs to finish going through work items and sticking time estimates on them. After that its back to resurrecting prototypes, dbus, cgroups, env filtering 18:34:17 I think that is about it jdstrand back to you? 18:34:21 jjohansen: how did the quantal kernel fixes go? 18:35:08 jdstrand: oh those look good, thanks for the kick I forgot to push them on the weekend 18:35:16 * jjohansen will do that first 18:35:44 * jjohansen got side tracked bug hunting 18:35:48 cool 18:35:59 * jdstrand wasn't trying to kick, just curious :) 18:36:08 nah, is good 18:36:29 [TOPIC] Highlighted packages 18:36:35 http://people.canonical.com/~ubuntu-security/cve/pkg/libspring-java.html 18:36:40 http://people.canonical.com/~ubuntu-security/cve/pkg/python-tornado.html 18:36:43 http://people.canonical.com/~ubuntu-security/cve/pkg/drupal6-mod-views.html 18:36:46 http://people.canonical.com/~ubuntu-security/cve/pkg/dimp1.html 18:36:50 http://people.canonical.com/~ubuntu-security/cve/pkg/pyfribidi.html 18:37:03 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:37:08 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:37:17 did that slightly out of order... 18:37:22 [TOPIC] Miscellaneous and Questions 18:37:32 There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application. 18:37:52 I also had two other things 18:38:42 1. jjohansen has too many work items. once he gives time estimates mdeslaur and I will look at them and then probably discuss as a team how to proceed (eg, Roadmap 'low' ones or reassign some) 18:38:59 (mdeslaur will lead that effort) 18:39:32 2. the desktop team approached me about testing mozilla releases before upstream release day 18:39:38 (fyi micahg ^) 18:39:55 I said that this is the plan and that we have work items in place to achieve this 18:40:07 they do realize this is one day, right? 18:40:22 micahg: no, test the images for they tag them 18:40:32 like we said, we build them automatically 18:40:34 jdstrand: huh? 18:40:37 when it gets close, we test 18:40:53 s/for they/before they/ 18:41:00 yes, I mean there is only 1 work day to do this still (builds are tagged on Friday), yes, it's possible 18:41:02 eg, the release every 6 weeks 18:41:10 at 5 weeks, we can have testable packages 18:41:15 no, we can't 18:41:20 why? 18:41:27 they push out fixes in the final week 18:41:39 * jdstrand nods 18:41:45 the beta PPA is for people to test 18:42:12 the beta ppa is on 15 or something now, no? 18:42:16 ideally, people are running the beta and reporting issues along the way so my final testing is basically a rubber stamp 18:42:23 test = look at 20 screenshots 18:42:26 if I catch anything in my testing, it's too late anyways 18:43:06 yeah, once we have the automated testing screenshots, I think I'll run that against the beta PPA weekly, that should improve things 18:43:15 s/improve/catch things earlier/ 18:43:24 I would still argue that testing twice, once a week before and one day of would still be better than testing a day or two after 18:43:35 even if it is not automated yet 18:43:48 but anyway 18:43:55 sure, I can QA the beta the week before 18:44:30 in this particular instance, that asked if we could test early (ie, twice) to catch anything for the point release 18:44:48 micahg: can you coordinate that with the desktop team-- ie the exact timing) 18:44:53 the point release is in 3 months, we'll have 2 more releases before that 18:45:17 micahg: you might also mention the beta ppa-- I mentioned it, but they ones I saw were way past '13'-- they were on 15 18:45:34 12.04.1 will get FIrefox 14 18:45:51 jdstrand: is there ay possibility of getting QA resources to assist? 18:45:58 micahg: yes, I know-- but they asked for this to happen in a couple of weeks. can you coordinate/clarify what they need? 18:46:06 * jdstrand is trying not to be the middle-man 18:46:08 jdstrand: sure, who's the contact for that? 18:46:30 seb128 asked me-- I imagine either him or chris 18:46:46 sbeattie: I asked QA a while back to start running QRT, maybe I can get them to review the results more frequently once we have the screenshotting capability 18:47:09 sbeattie: well, now that we are on rapid release, we don't have the big call for testing-- everything is just a 'regular' update 18:47:26 jdstrand: I think he meant help with testing :) 18:47:37 and all they are asking for is us to do our regular testing by some point 18:47:42 jdstrand: what micahg said, not just calls for testing. 18:47:53 (see last statement) 18:48:30 and since that regular testing is something we should be doing anyway, I said 'ok' 18:49:21 anyhoo, this is a little more complicated than it has to be. desktop team needs tests to happen be a certain date. if micahg can ascertain the date and do the testing, that would be great. everything else is executing our work items 18:52:29 I think that is it 18:52:37 Does anyone have any other questions or items to discuss? 18:57:23 #endmeeting Generated by MeetBot 0.1.5 (http://wiki.ubuntu.com/meetingology)