18:02:29 <jdstrand> #startmeeting 18:02:30 <meetingology> Meeting started Mon Jul 23 18:02:29 2012 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:02:30 <meetingology> 18:02:30 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:02:38 <jdstrand> The meeting agenda can be found at: 18:02:39 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:02:47 <jdstrand> [TOPIC] Weekly stand-up report 18:02:50 <jdstrand> I'll go first 18:03:24 <jdstrand> I will actually not have a short week this week :) 18:03:31 <jdstrand> I'm on communuity 18:03:37 <jdstrand> am patch piloting today 18:03:42 <jdstrand> have some pending updates 18:03:55 <jdstrand> and will be reviewing webkit maintenance a bit 18:04:00 <jdstrand> mdeslaur: you're up 18:04:07 <mdeslaur> I'm in the happy place this week 18:04:14 <mdeslaur> I've got a libexif update coming out in a few minutes 18:04:28 <mdeslaur> and have an embargoed issue (or two) that I need to work on this week 18:04:41 <mdeslaur> and I've worked on "uvt", the python replacement for vmtools 18:04:46 <sbeattie> \o/ 18:04:53 <mdeslaur> I still have a couple of commands to implement before marking off the work item 18:05:08 <mdeslaur> I should be done with them today or tomorrow 18:05:15 <mdeslaur> and after that, I'll pick some CVEs in the list 18:05:31 <mdeslaur> we have a _lot_ of open CVEs, so we need to be picking stuff up 18:05:35 <mdeslaur> that's it from me 18:05:37 <mdeslaur> sbeattie: you're up 18:05:48 <sbeattie> I'm in the happy place this week 18:06:03 <sbeattie> I've currently working on an embargoed issue 18:06:55 <sbeattie> I'm also poking at a possible regression from the openjdk backports I did around JNI in lucid (LP: #1027122) 18:07:26 <sbeattie> jjohansen handed me what he had for dbus/apparmor, so I'll be poking at that as well 18:07:47 <sbeattie> otherwise, I'll try to pick up a CVE or two as well 18:08:02 <sbeattie> that's all I've got; micahg, you're up 18:09:22 <micahg> This week I'm starting the staged rollout of webkit updates to the stable releases, tomorrow, precise-proposed will get 1.8.1 and if there aren't any significant increases in crashes, I'll push that to everyone late Thursday (or Monday if people think that's better) 18:09:46 <jdstrand> \o/ 18:09:58 <micahg> with the rest of the releases hopefully getting to their respective -proposed repo by the end of next week 18:10:15 * jdstrand guesses monday would be best. it is already late so don't cause potential extra work over the weekend 18:10:28 <micahg> ok 18:12:02 <micahg> that's basically it aside from watching for any issues with the Mozilla updates (have been skimming the bugmail to notify tyhicks if need be), all seems fine 18:12:45 <jdstrand> tyhicks: you're up 18:13:00 <micahg> oh, right, and trying to process all the mail about thunderbird's future, I hope to have something drafted over the next week or 2 18:13:06 <micahg> jdstrand: he's off today :) 18:13:12 <jdstrand> ah 18:13:17 <jdstrand> jjohansen: you're up 18:13:24 <jdstrand> tyhicks: nm 18:13:46 <jdstrand> bzr diff 18:13:49 <jdstrand> meh 18:14:32 <jjohansen> so I need to finish getting dbus stuff to sbeattie, I actually didn't give him the kernel bits yet, and the parser bits don't apply (though I may let him have a crack at fixing that) 18:15:24 <jjohansen> I have some more kernel QRT fallout to look at this week, not sure what it is yet just saw the request (/me is suspecting more arm failures) 18:16:25 * jjohansen needs to finish up on the rcu locking rework to fix deadlocking issues in the current apparmor patchset so I can push those out to the list 18:17:01 <jdstrand> jjohansen: is that due to upstream churn? 18:18:48 * jdstrand assumes so 18:18:56 <jjohansen> jdstrand: no, its due to us doing more and being forced to do GFP_KERNEL allocations indirectly in places where locks are held. This can cause sleeping at those points but with the way our locking works and the LSM hooks this effectively blocks all execs and several other operations causing system deadlocks 18:19:23 <jdstrand> jjohansen: oh, so this affects current kernels? 18:19:36 <jjohansen> jdstrand: no just the dev stuff 18:19:50 <jdstrand> jjohansen: part of getting rid of the compat work? 18:20:16 <jjohansen> jdstrand: not just the compat, its needed for stacking and labeling too 18:20:22 <jdstrand> ok 18:20:26 <jdstrand> jjohansen: anything else? 18:20:26 <jjohansen> basically an extra prereq 18:21:08 <jjohansen> hrmm well I plan to review the R stuff floated on the list 18:21:19 <jjohansen> oh and I have some 3.5 testing 18:22:08 * jjohansen pushed the compat patches for 3.5 but hasn't actually built or tested against upstream 3.5 18:22:17 <jjohansen> but that is minor 18:22:23 <jjohansen> jdstrand: thats it back to you 18:22:38 <jdstrand> thanks 18:22:44 <jdstrand> [TOPIC] Highlighted packages 18:22:49 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:22:53 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:22:59 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/nusoap.html 18:23:03 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/phppgadmin.html 18:23:06 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libfile-temp-perl.html 18:23:10 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mplayer2.html 18:23:13 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/tangerine.html 18:24:15 <jdstrand> [TOPIC] Miscellaneous and Questions 18:24:30 <jdstrand> There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application. 18:24:41 <jdstrand> Does anyone have any other questions or items to discuss? 18:32:55 <jdstrand> mdeslaur, sbeattie, micahg, jjohansen: thanks 18:32:58 <jdstrand> #endmeeting