18:04:29 <jdstrand> #startmeeting 18:04:29 <meetingology> Meeting started Mon Oct 1 18:04:29 2012 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:04:29 <meetingology> 18:04:29 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:04:34 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:04:40 <jdstrand> [TOPIC] Weekly stand-up report 18:04:43 <jdstrand> I'll go first 18:05:10 <jdstrand> I'm in the happy place this week 18:05:36 <jdstrand> I've been working on some lightdm apparmor fixes this morning for 12.10, and am almost done 18:05:45 <jdstrand> I've got some pending updates that I am working on 18:05:59 <jdstrand> that's it from me 18:06:03 <jdstrand> mdeslaur: you're up 18:06:12 <mdeslaur> I just released software-properties updates 18:06:20 <mdeslaur> and I have qemu-kvm and devscripts updates to test 18:06:23 <mdeslaur> I'm on triage this week 18:06:38 <mdeslaur> and I'm on community too 18:06:49 <mdeslaur> wednesday, I have patch piloting 18:06:57 <mdeslaur> and after that, I'll pick something else to poke at 18:07:00 <mdeslaur> that's it for me 18:07:02 <mdeslaur> sbeattie: you're up 18:07:19 <sbeattie> I'm finally finishing up glibc testing, that will go out later today 18:07:48 <sbeattie> After that, I'm moving on to apparmor stuff 18:08:05 <sbeattie> will pick up jjohansen's coredump testcase patch for quantal 18:08:31 <sbeattie> that's pretty much it for me. 18:08:41 <sbeattie> tyhicks: you're up (since micahg's off) 18:09:16 <tyhicks> I have a libgssglue update to test and publish 18:09:34 <tyhicks> I also need to attach a fix to the openssl bug I opened a couple weeks ago 18:09:40 <tyhicks> It isn't getting any attention upstream 18:09:59 <tyhicks> But there's two plausible, simple fixes for it 18:10:17 * tyhicks will be sure to have that ready by at least mdeslaur's patch piloting on wednesday 18:10:33 <mdeslaur> hrm :P 18:10:35 <tyhicks> Then I'll be starting on apparmor stuff when I get the green light from jjohansen 18:10:39 <tyhicks> mdeslaur: you're welcome ;) 18:10:50 <tyhicks> jjohansen: that's it, you're up 18:10:52 <jdstrand> heh 18:10:58 <jjohansen> tyhicks: green light 18:11:04 <tyhicks> oh, nice! :) 18:11:23 <jjohansen> So I am dumping some docs, on tyhicks and sbeattie 18:11:37 <jjohansen> and getting them moving on some apparmor items 18:12:17 <jjohansen> I still have some fixing of the dbus parser patch so it works with 2.8 that I a plan to finish up today 18:12:34 <jjohansen> I have a yama qrt failure to finish looking into 18:12:56 <jjohansen> and more apparmor debugging 18:13:05 <jjohansen> of the kernel. 18:13:33 <jjohansen> I also need to push the current set of bug fixes upstream for 3.7 release window 18:14:37 <jjohansen> sarnold: your up 18:15:04 <jjohansen> oh and I guess this is a short week for me I am off friday 18:15:20 <sarnold> I think I've got my buildenvironment and testenvironment all built; this week we'll find what I missed and hopefully get around to fixing some packages. :) 18:15:31 <sarnold> I'm also going to be paying attention to the community role, woo. 18:15:37 <sarnold> jdstrand: you're up 18:17:09 <jdstrand> [TOPIC] Highlighted packages 18:17:14 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:17:18 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:17:26 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/smsclient.html 18:17:29 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libyaml-libyaml-perl.html 18:17:32 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libdbd-pg-perl.html 18:17:35 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mcrypt.html 18:17:38 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/otrs2.html 18:17:46 <jdstrand> [TOPIC] Miscellaneous and Questions 18:17:55 <jdstrand> There are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application. 18:18:22 <jdstrand> mdeslaur (or possibly jjohansen): I see some 'high' kernel CVEs. what is the status of those? 18:18:57 <jjohansen> jdstrand: oh, hrmm I haven't checked this morning yet 18:19:26 <mdeslaur> jjohansen: it's been at high for a while now 18:19:48 <mdeslaur> CVE-2012-3520 18:19:50 <ubottu> ** RESERVED ** This candidate has been reserved by an organization or individual that will use it when announcing a new security problem. When the candidate has been publicized, the details for this candidate will be provided. (http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2012-3520) 18:21:39 <mdeslaur> it's in the -proposed kernel, so should be out soon 18:21:42 <mdeslaur> jdstrand: ^ 18:21:53 <jjohansen> jdstrand, mdeslaur: yep 18:22:32 <jdstrand> mdeslaur: awesome, thanks 18:22:42 <jdstrand> Does anyone have any other questions or items to discuss? 18:23:30 <sarnold> jdstrand: wrt the lightdm, one of our users was looking for a way to allow the guest profile to launch chromium-browser but not have the lightdm profile itself known about all the exceptions to its profile 18:24:08 <sarnold> jdstrand: this seemed like a reasonable idea to me, I've got a feeling that an #include <lightdm.d> may be useful for handling future cases similar to chromium-browser 18:24:36 <sarnold> s/itself known/itself know/ 18:25:15 <jdstrand> sarnold: yeah-- I saw the bug. I am doing something similar 18:26:17 <jdstrand> lightdm.d would be good, but I'd like to get upstream consensus on our .d directories. in the meantime, I have split out all of the lightdm rules into abstractions/lightdm. the guest and remote sessions can use that 18:26:17 <sarnold> jdstrand: cool :) (he wanted to pick up a bug he thought he could handle, but the nuances of named profile transitions are subtle enough that I think it makes sense for you to work on that one full-speed-ahead. But I did like his idea of isolating exceptions in their own pile of included files. 18:26:45 <jdstrand> cause right now the freerdp and uccsconfigure profiles are profile copies 18:27:13 <jdstrand> then I am adding a separate lightdm_chromium-browser abstraction that will itself include the lightdm abstraction 18:27:24 <jdstrand> bug it will have the additional rules to get chromium running 18:27:57 <sarnold> aha, that sounds good. :) Thanks 18:28:00 <jdstrand> so we achieve the same. if we need another special-cased profile, then we can add the lightdm.d dir 18:32:52 <jdstrand> #endmeeting