18:17:19 #startmeeting 18:17:19 Meeting started Mon Mar 11 18:17:19 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 18:17:19 18:17:19 Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 18:17:22 The meeting agenda can be found at: 18:17:23 [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 18:17:27 [TOPIC] Announcements 18:17:43 UDS was last week. We should now have our blueprints in order with what we want to work on for March all in place. Thanks for all your hard work on this! 18:17:56 Thanks to Luke Faraone (lfaraone) who provided debdiffs for lucid for openafs (LP: #1145560). Your work is very much appreciated and will keep Ubuntu users secure. Great job! 18:17:59 Launchpad bug 1145560 in openafs (Ubuntu Quantal) "OpenAFS Security Advisories 2013-001 and 2013-002" [High,In progress] https://launchpad.net/bugs/1145560 18:18:09 [TOPIC] Weekly stand-up report 18:18:13 I'll go first 18:18:30 this is a short week for me-- I'll be off friday 18:18:38 I'm in the happy place 18:18:59 I'm working on chromium-browser and thunderbird testing 18:19:09 I've also got 2 embargoed items 18:19:26 jdstrand: BTW, the openafs SRU is released now, so there's no concern about what the security update should be based on. 18:19:32 and patch piloting (should be finished soon) 18:19:41 ScottK: ack, thanks :) 18:20:34 sarnold is on community this week, so I'll pass that along 18:20:39 mdeslaur: you're up 18:20:49 I'm on triage this week 18:21:17 the nist website is down at the moment, so I can't pull fresh CVE info....I'll try again tomorrow and will work around it if their problem persists 18:21:31 I'm working on php5 and apache2 updates 18:21:38 I also have an embargoed issue i'm working on 18:21:53 that's it for me 18:21:55 sbeattie: you're up 18:22:14 I'm dedicated again to apparmor stuff this week. 18:23:03 I'll be continuing the work on the display manager prototype, and the work items related to that. 18:23:15 And that's pretty much it for me. 18:23:19 tyhicks: you're up. 18:23:25 I'll be working on the following work items: 18:23:35 [tyhicks] library label permission query api (high) (2): INPROGRESS 18:23:35 [tyhicks] dbus daemon, use library label permission query api (high) (1): TODO 18:23:38 [tyhicks] dbus daemon, use aa_getpeercon - dbus (high) (1): TODO 18:24:09 I'll also need to tend to some eCryptfs maintenance work 18:24:37 There's renewed interest in an old patch that improves performance on newer hardware (mainly with SSDs and AES-NI support) 18:24:57 cking has nicely done some indepth benchmarking and I'll need to give the patch one more review 18:25:01 That's it for me 18:25:05 jjohansen: you're up 18:26:29 so I am working on apparmor as well this week 18:26:29 I have some more work on socket labeling and also on fixing stacking issues when the stack is split across a namespace 18:27:03 and I will probably drop another present or 10 for sarnold to look at 18:27:13 thats it, sarnold your up 18:28:06 I'm starting this week with the logind MIR; pitti decided to ask for a review of a newer package over the weekend rather than the version in raring, so I'll wind up taking longer than usual for this MIR as I'm duplicating some work already done... 18:28:50 after the MIR is done I'm liable to work on objectives this week, perhaps finally giving juju the time it deserves :) 18:29:13 I also understand jjohansen has a present for me! Woot. :) 18:29:17 jdstrand: back to you 18:30:17 sarnold: from earlier in the meeting-- since you're on community, if the updated openafs debdiffs come in this week, apparently the version in -proposed has been accepted into updates (you'll see discussion of that in the bug) 18:30:58 jdstrand: thanks for the heads-up :) 18:31:06 mp 18:31:08 np even 18:31:10 [TOPIC] Highlighted packages 18:31:15 The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 18:31:20 See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 18:31:35 http://people.canonical.com/~ubuntu-security/cve/pkg/libjboss-cache2-java.html 18:31:39 http://people.canonical.com/~ubuntu-security/cve/pkg/tinyproxy.html 18:31:43 http://people.canonical.com/~ubuntu-security/cve/pkg/ruby-parser.html 18:31:47 http://people.canonical.com/~ubuntu-security/cve/pkg/pyfribidi.html 18:31:51 http://people.canonical.com/~ubuntu-security/cve/pkg/isync.html 18:32:02 [TOPIC] Miscellaneous and Questions 18:32:09 Does anyone have any other questions or items to discuss? 18:38:13 mdeslaur, sbeattie, tyhicks, jjohansen, sarnold: thanks! 18:38:13 #endmeeting