18:04:03 <mdeslaur> #startmeeting 18:04:03 <meetingology> Meeting started Mon Nov 5 18:04:03 2012 UTC. The chair is mdeslaur. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:04:03 <meetingology> 18:04:03 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:04:09 <mdeslaur> The meeting agenda can be found at: 18:04:09 <mdeslaur> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:04:15 <mdeslaur> [TOPIC] Announcements 18:04:56 <mdeslaur> Natty is now EoL. jdstrand did the process for retiring it, so if you have not done it already, please do the checklist for removing natty from your security tools configuration. 18:05:17 <mdeslaur> [TOPIC] Weekly stand-up report 18:05:22 <mdeslaur> I'll go first I guess 18:05:28 <mdeslaur> This week, I'm in the happy place 18:05:35 <mdeslaur> I just released mysql, munin and mesa 18:05:45 <mdeslaur> and I have some other things to start working on 18:05:52 <mdeslaur> and I'll be gong down the list 18:05:57 <mdeslaur> that's pretty much it from me 18:06:00 <mdeslaur> sbeattie: you're up 18:06:22 <sbeattie> I'm trying to recover from UDS 18:06:34 <mdeslaur> sbeattie: did you get the Ubuflu? 18:06:47 <sbeattie> mdeslaur: no, but my inbox did 18:06:52 <mdeslaur> oh, haha 18:06:59 <mdeslaur> canonimailplague 18:07:03 <sbeattie> (I pre-fetched UbuFlu for myself) 18:07:42 <sbeattie> I'll be looking at the display manager notes and stuff that jjohansen handed off to me. 18:07:52 <sbeattie> which is pretty much it for me 18:08:03 <mdeslaur> I've been popping vitamin C like candy as a placebo preventative measure 18:08:23 <sbeattie> heh, yeah, me too 18:08:24 * jjohansen wishes he had some of that placebo 18:08:40 <sarnold> mm, something to do at lunch time.. 18:08:50 <sbeattie> I don't think micahg is here, so tyhicks, I think you're up. 18:09:15 <tyhicks> Sorry, too busy laughing at your weak immune systems 18:09:18 <tyhicks> ;) 18:09:25 <mdeslaur> lol 18:09:44 <tyhicks> arges asked me to SRU the fix for bug 1052038 18:09:45 <ubottu> Launchpad bug 1052038 in ecryptfs-utils (Ubuntu Precise) "ecryptfs_fnek_sig missing when login at the same time on cron session close" [Medium,In progress] https://launchpad.net/bugs/1052038 18:10:05 <tyhicks> The fix already exists and a test case already exists, so it shouldn't be bad 18:10:05 * jjohansen coughs in tyhicks direction 18:10:45 <tyhicks> I want to wrap up things (from my end, at least) for the audit MIR this week 18:10:55 <mdeslaur> \o/ 18:10:59 <tyhicks> sgrubb merged my patch upstream this morning 18:11:07 <mdeslaur> oh, nice 18:11:12 <sarnold> nice 18:11:16 <tyhicks> I've got a little inbox backlog to take care of 18:11:26 <tyhicks> and then I'm back on the apparmor dbus work 18:11:28 <tyhicks> that's it for me 18:11:31 <tyhicks> jjohansen: you're up 18:12:06 <jjohansen> I am going to get the dbus kernel up and then I'm am diving back into the stacking work this week 18:12:23 <tyhicks> thanks jjohansen 18:12:27 <mdeslaur> jjohansen: is that like the big jenga game at UDS? 18:12:42 <jjohansen> mdeslaur: nah, much less stable 18:12:49 <mdeslaur> hehe 18:12:50 <tyhicks> oof 18:12:53 <jjohansen> :) 18:13:06 <jjohansen> I think that is it for /me sarnold your up 18:13:12 <sarnold> good think you're a talented swordsman... 18:13:21 <sarnold> I'm on triage this week. 18:13:50 <jjohansen> sarnold: sadly only when my opponent is two feet tall 18:13:53 <sarnold> I'm pretty sure I've got the udsflu, you guys never mentioned that uds lasts another week... 18:14:02 <mdeslaur> sarnold: oh, let me know when you do bug triage if you want me to ride along 18:14:10 <sarnold> mdeslaur: thanks 18:15:06 <sarnold> before uds flights, I made sure qt4-x11 update worked well enough in natty, but didn't get around to the other distros in time to get the qt4-x11 update out the door for natty's goodbye party 18:15:36 <jjohansen> sarnold: ha yes, uds does seem to have a way of chewing up 2 weeks of your time 18:15:38 <sarnold> but it does help provide overall credibility to the reliability of the patch, and the time spent with qrt feels well-spent. 18:16:11 <sarnold> I thikn that's it, but maybe that's just the sinuses thinking... 18:16:13 <mdeslaur> sarnold: ok, you can remove the natty update from the secppa before publishing 18:16:16 <sarnold> mdeslaur: back to you? 18:16:27 <mdeslaur> sarnold: so you'll be testing the other releases this week, and hopefully publish it? 18:16:34 <sarnold> mdeslaur: can I ask for your hlep for that later today? 18:16:37 <sarnold> mdeslaur: yes. 18:16:43 <mdeslaur> sarnold: certainly 18:16:49 <sarnold> thanks 18:17:09 <mdeslaur> [TOPIC] Highlighted packages 18:17:14 <mdeslaur> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:17:14 <mdeslaur> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:17:21 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/sun-javadb.html 18:17:21 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/msmtp.html 18:17:21 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/libparallel-forkmanager-perl.html 18:17:21 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/libsdp.html 18:17:21 <mdeslaur> http://people.canonical.com/~ubuntu-security/cve/pkg/geshi.html 18:17:46 <mdeslaur> [TOPIC] Miscellaneous and Questions 18:17:51 <mdeslaur> Does anyone have any other questions or items to discuss? 18:18:09 <sarnold> one thing, probably long-term discussion point.. 18:18:32 <sarnold> we get our entropy from keyboard timing and hard drive timing data; but ssds are on the rise. are they still a reasonable source of entropy data? 18:19:12 <mdeslaur> hrm, interesting question 18:19:44 <mdeslaur> probably should be asked upstream 18:19:47 <sarnold> one hopes ssds are going into systems with good cpu-provided rngs but that may only be true on server-scale machinery. 18:20:50 <mdeslaur> yeah, it's a good question 18:21:49 <tyhicks> sarnold: FYI, Ted Ts'o made some changes to the kernel's entropy gathering code over the last month or two. I don't recall what all the changes were atm. 18:22:21 <sarnold> tyhicks: ah :) thanks 18:23:19 <mdeslaur> ok, thanks everyone! 18:23:21 <mdeslaur> #endmeeting