18:00:31 <jdstrand> #startmeeting
18:00:31 <meetingology> Meeting started Mon Jan 28 18:00:31 2013 UTC.  The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology.
18:00:31 <meetingology> 
18:00:31 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired
18:00:38 <jdstrand> nice to start on time today :)
18:00:43 <jdstrand> The meeting agenda can be found at:
18:00:45 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting
18:00:52 <jdstrand> [TOPIC] Announcements
18:01:16 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for lucid-oneiric for xymon (LP: #1092412)
18:01:18 <ubottu> Launchpad bug 1092412 in xymon (Ubuntu Precise) "Xymon Multiple XSS" [Undecided,Fix released] https://launchpad.net/bugs/1092412
18:01:20 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for quantal for ruby-actionpack-3.2 (LP: #1100188)
18:01:22 <ubottu> Launchpad bug 1100188 in rails (Ubuntu Lucid) " Unsafe Query Generation Risk in Ruby on Rails" [Undecided,Triaged] https://launchpad.net/bugs/1100188
18:01:24 <jdstrand> Christian Kuersteiner (ckuerste) provided debdiffs for quantal for ruby-activerecord-3.2 (LP: #1100188)
18:02:15 <jdstrand> thanks to ckuerste for his help on security updates for these community supported packages. Your work is very much appreciated and will keep Ubuntu users secure. Great job! :)
18:02:20 <jdstrand> [TOPIC] Weekly stand-up report
18:02:24 <jdstrand> I'll go first
18:03:20 <jdstrand> last week I was community and I patch piloted
18:03:36 <jdstrand> this week I've got a chromium-browser upload to sponsor/test
18:03:42 <jdstrand> and two embargoed issues
18:04:02 <jdstrand> I'd like to take another look at our blueprints as well
18:04:15 <jdstrand> I plan to finish a couple of outstanding audits as well
18:04:21 <jdstrand> mdeslaur: you're up
18:04:33 <mdeslaur> I just published a couple of USNs
18:04:42 <mdeslaur> and I have something embargoed to look at
18:04:51 <mdeslaur> and then will continue going down the CVE list
18:04:58 <mdeslaur> I'm on triage this week too
18:05:03 <mdeslaur> that's it, sbeattie you're up
18:05:41 <sbeattie> I'm still focused on apparmor this week, specifically the display manager mediation prototype.
18:06:09 <sbeattie> that's prettymuch it for me. tyhicks?
18:06:28 <tyhicks> I'm working on an embargoed item
18:07:03 <tyhicks> I also need to upload new dbus and linux packages to the dbus-dev PPA for some patches that'll allow dbus to detect if apparmor supports dbus rules
18:07:16 <tyhicks> Then I'll (re)start work on the AppArmor kernel policy interface workitem
18:07:23 <tyhicks> That's it for me
18:07:27 <tyhicks> jjohansen: you'r eup
18:09:59 * jjohansen is working on the apparmor label and stacking code again, and we should see a new patchset this week. Currently I am chasing down a refcounting bug that is causing oopses
18:10:40 <jjohansen> after the new patchset gets pushed, /me will be moving on to env var filtering
18:10:46 <mdeslaur> \o/
18:10:54 <jdstrand> \o/
18:11:11 <jjohansen> sarnold: I think your up next
18:11:59 <sarnold> the dnsmasq patchset just kept growing, I handed off a braindump and four debdiffs to mdeslaur last week, it's a bit annoying to feel defeated by an update, but it's nice to look forward to something more approachable this week :)
18:12:19 <mdeslaur> sarnold: hehe, don't worry about that :)
18:12:20 <sarnold> this week I'm working on an update for squid and reviewing jjohansen's patches
18:12:30 <sarnold> I'm also on community :)
18:12:49 <sarnold> jdstrand: your turn :)
18:12:51 <mdeslaur> sarnold: cool. Squid is your priority this week.
18:13:01 <sarnold> mdeslaur: thanks
18:13:46 <mdeslaur> sarnold: I'd like to see squid published on thursday
18:13:57 <mdeslaur> sarnold: and if you still need testing, it can get pushed back to monday
18:14:02 <mdeslaur> sarnold: is that reasonable?
18:14:10 <sarnold> mdeslaur: I think so
18:14:16 <mdeslaur> sarnold: cool, thanks
18:15:43 <jdstrand> [TOPIC] Highlighted packages
18:15:52 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so.
18:15:57 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved.
18:16:11 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/mathopd.html
18:16:13 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/elinks.html
18:16:16 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/openarena.html
18:16:19 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libsmi.html
18:16:24 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/geshi.html
18:16:53 <jdstrand> Also, there are a lot of merge opportunities for packages listed in http://people.canonical.com/~ubuntu-security/d2u/. Performing these updates is a great way to help Ubuntu and bolster your developer application.
18:17:00 <jdstrand> [TOPIC] Miscellaneous and Questions
18:17:05 <jdstrand> Does anyone have any other questions or items to discuss?
18:23:37 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks!
18:23:39 <jdstrand> #endmeeting