16:32:37 <jdstrand> #startmeeting 16:32:37 <meetingology> Meeting started Mon Mar 25 16:32:37 2013 UTC. The chair is jdstrand. Information about MeetBot at http://wiki.ubuntu.com/meetingology. 16:32:37 <meetingology> 16:32:37 <meetingology> Available commands: #accept #accepted #action #agree #agreed #chair #commands #endmeeting #endvote #halp #help #idea #info #link #lurk #meetingname #meetingtopic #nick #progress #rejected #replay #restrictlogs #save #startmeeting #subtopic #topic #unchair #undo #unlurk #vote #voters #votesrequired 16:32:42 <mdeslaur> \o 16:32:43 <jdstrand> The meeting agenda can be found at: 16:32:43 <jdstrand> [LINK] https://wiki.ubuntu.com/SecurityTeam/Meeting 16:32:49 <jdstrand> [TOPIC] Announcements 16:33:19 <jdstrand> in order to better accomodate all the members of the security team, we've changed our meeting time to 16:30 UTC 16:33:30 <jdstrand> Thanks to Scott Kitterman (ScottK) who provided a debdiff for hardy for clamav (LP: #1157385). Your work is very much appreciated and will keep Ubuntu users secure. Great job! 16:33:32 <ubottu> Launchpad bug 1157385 in clamav (Ubuntu Hardy) "0.97.7 security update" [Undecided,Fix released] https://launchpad.net/bugs/1157385 16:33:44 <ScottK> Thanks. 16:33:52 <jdstrand> :) 16:34:22 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: please book travel for the sprint if you haven't already 16:34:30 <jdstrand> [TOPIC] Actions 16:34:49 <jdstrand> I had the action for changing the meeting time. that is obviously done :) 16:34:58 <jdstrand> [TOPIC] Weekly stand-up report 16:35:02 <jdstrand> I'll go first 16:35:13 <jdstrand> I have a short week this week, with friday off 16:35:29 <jdstrand> I'm on community this week 16:35:43 <jdstrand> I've got various performance reviews stuff I'll be working on 16:36:12 <jdstrand> as well as monthly planning for March (follow-ups) and April 16:36:57 <jdstrand> I think the monthly planning went pretty well this month (the planning itself, not the work items (which are doing quite well :), which we can discuss in a bit) 16:37:24 <jdstrand> I have 2 audits I need to do surrounding the SDK and gwibber 16:37:42 <jdstrand> and I'd like to carve out some time for looking at scopes privacy 16:38:40 <jdstrand> in terms of March work items status: 16:39:27 <jdstrand> I worked on getting the Ubuntu SDK/Unity dbus abstractions together last week, and have created patches against our apparmor in the dbus ppa that I'll either upload or coordinate with tyhicks 16:39:51 <jdstrand> so my part should be done today 16:40:43 <jdstrand> I am also updating the apparmor.d man page for dbus 16:40:56 <jdstrand> that should be done shortly 16:40:59 <tyhicks> nice! :) 16:41:04 <jdstrand> mdeslaur: you're next 16:41:19 <mdeslaur> I've just pushed out the openssl regression fix 16:41:23 <mdeslaur> and gnome-online-accounts 16:41:36 <mdeslaur> I'm currently finishing ruby testing, they should go out this afternoon 16:41:47 <mdeslaur> I'm in the happy place this week 16:41:53 <mdeslaur> and will pick up another update 16:41:59 <mdeslaur> I hope to have time to try out the sdk too 16:42:08 <mdeslaur> that's about it from me 16:42:11 <mdeslaur> sbeattie: you're up 16:42:36 <sbeattie> I'm focused on apparmor display manager confinement again this week. 16:43:09 <sbeattie> I'm still working on some issues with the logging prototype that I've been working on 16:43:42 <sbeattie> I'm also digging into the mir codebase this week 16:43:53 <mdeslaur> cool 16:44:02 <sbeattie> and that's pretty much it for me. 16:44:09 <sbeattie> tyhicks: you're up 16:44:28 <tyhicks> I'm primarily working on apparmor dbus mediation this week 16:44:39 <jdstrand> sbeattie: in terms of work items, that leaves the API. will those be postponed to april? 16:44:40 <tyhicks> I'm still bug squashing from late last week 16:44:44 * tyhicks pauses 16:45:01 <sbeattie> jdstrand: yeah, likely. 16:45:06 <jdstrand> ok 16:45:11 <jdstrand> tyhicks: sorry 16:45:13 <tyhicks> np 16:45:13 <jdstrand> go ahead 16:45:52 <tyhicks> I've fixed the dbus-daemon segfault that we were seeing and I'm trying to understand some oddness around the dbus acquire permission checks 16:46:14 <tyhicks> I found one bug in the query code and fixed it 16:46:27 <tyhicks> there's still another bug either in the parser or the query code... looking into that more right now 16:46:33 <tyhicks> then I'll upload those 3 fixes today 16:46:44 <tyhicks> then I'll switch to my last remaining march work item: 16:46:52 <tyhicks> [tyhicks] dbus daemon, use aa_getpeercon - initial (high) (1): INPROGRESS 16:47:19 <tyhicks> I've already been thinking how I want to do that and don't think it'll take much work to complete 16:47:37 <jdstrand> o/ (I have a question when you are done with status) 16:47:51 <tyhicks> (the sizing feels accurate to me, so I don't forsee that work item to be postponed) 16:48:31 <tyhicks> Outside of that stuff, I need to do some work on eCryptfs performance improvements. That'll probably fall in after-hours time, though. 16:48:34 <tyhicks> That's it for me 16:48:40 <tyhicks> jdstrand: what's your question? 16:49:21 <jdstrand> I think you covered your work items status, but unrelated to that, did you also see the issues I was having with the output of apparmor_parser -p with dbus rules? 16:50:08 <tyhicks> jdstrand: Yeah, I took a quick look at that and I still don't have a good answer 16:50:12 <jdstrand> ok 16:50:15 * jdstrand is done 16:50:33 <tyhicks> jdstrand: I'm not really familiar with the parser code, so it'll take a bit of time for me to get to the bottom of that 16:51:05 <tyhicks> jdstrand: Can I look at that after the getpeercon work item or is it blocking your work item from completion? 16:51:17 <jdstrand> it may be something jjohansen can point you at (or maybe it is an easy fix). it isn't super important atm, but something we don't want to release with 16:51:25 * tyhicks nods 16:51:25 <jdstrand> it isn't blocking me at all 16:51:40 <jdstrand> it is just a bug that I wanted on someone's todo list 16:51:54 <tyhicks> jdstrand: I've added an entry in my todo tracker 16:51:58 <jdstrand> thanks 16:52:02 <tyhicks> np, thanks for pointing it out :) 16:52:05 <tyhicks> jjohansen: you're up 16:52:21 <jjohansen> jdstrand: is there a bug open on that? 16:53:02 <jjohansen> we don't need one, just want make sure if there is we update it 16:53:05 <jdstrand> jjohansen: no, which was a question I had. how do we want to handle bugs against the ppa? perhaps we could discuss in #apparmor after the meeting (but here is fine if it is an easy answer) 16:53:33 * tyhicks doesn't have an easy answer atm 16:53:49 <mdeslaur> jdstrand: just write in the bug description that it's the ppa version? 16:53:52 <jdstrand> let's discuss in #apparmor then 16:53:56 <jjohansen> jdstrand: generally I don't care. If you poke one of us, I think that is enough atm 16:54:02 <jjohansen> I have a short week this week (off thurs, and friday) 16:54:02 <jjohansen> I will be working on next months monthly planning and finishing up my apparmor wi (labeling, and stacking), and coordinating with tyhicks on integrating the dbus changes into the apparmor-dev ppa 16:55:06 <jdstrand> jjohansen: based on that, it sounds like the march work items are on track. is that accurate? 16:55:21 <jdstrand> wait, there was one you said might slip 16:55:39 <mdeslaur> oh? which one? 16:55:50 <jjohansen> jdstrand: hrmm, I am behind 16:55:50 <jjohansen> stacking, extend policy language - parser (essential) (4): will be postponed for sure 16:56:00 <jdstrand> yes, that was the one 16:56:15 <jdstrand> jjohansen: no worries, I know you've been very busy with kernel security updates 16:56:30 <jdstrand> I've already communicated that has slowed us down 16:56:44 <jjohansen> I think we should be able to get the other ones out, but maybe I am being optimistic 16:57:08 <jdstrand> well, it's ok if things overlap between months 16:57:14 <jdstrand> we don't have to be rigid, just aware 16:58:00 <jjohansen> right 16:58:39 <jjohansen> I think that is it from me, sarnold your up 16:59:08 <sarnold> I'm working on some workitems this week, juju charm authoring and testing 16:59:36 <sarnold> turns out that local lxc deployments aren't working well in raring; hooray for uvt making vm testing so easy (thanks marc :) 16:59:51 <sarnold> (I think the problem is the usual python-has-broken-everything-again) 17:00:23 <sarnold> once I've made some progress there, I'll be doing the LXC MIR audit, unless something higher-priority pops up 17:00:40 <sarnold> oh yes, I'm also on triage this week. 17:00:50 <robru> is this the settings meeting? 17:00:55 <sarnold> robru: security team 17:01:01 <sarnold> chrisccoulson: your turn :) 17:01:04 <jdstrand> robru: we're almost done 17:01:10 <robru> no worries 17:01:12 <chrisccoulson> yoyo 17:01:15 <seb128> we are moving to #ubuntu-touch for the settings meeting 17:01:21 <robru> seb128, thanks 17:01:46 * jdstrand didn't see a planned meeting in the calendar at this time, fwiw 17:01:58 <chrisccoulson> so, last week I started looking at automated testing for chromium. i've got some tests running, and i plan to start writing the glue to hook this in to jenkins this week 17:02:10 <chrisccoulson> i've also got a build of the latest version of chromium working on armhf 17:02:16 <jdstrand> \o/ 17:02:20 <mdeslaur> \o/ 17:02:35 <mdeslaur> wait...new version breaking arm again in...5.... 17:02:36 <mdeslaur> 4.... 17:02:37 <mdeslaur> 3... 17:03:07 <chrisccoulson> i went through the checklist of things i need to do as a new starter last week too. i've deferred a few things until i get my new laptop though (such as setting up test environments) 17:03:26 <chrisccoulson> that's arriving in 2 days :) 17:03:31 <sarnold> \o/ 17:03:43 <chrisccoulson> there's also a firefox release next week (which means preparing builds at the end of this week) 17:03:51 <chrisccoulson> and i have a short week too 17:04:02 <mdeslaur> chrisccoulson: oh, what version of ff? 17:04:09 <chrisccoulson> mdeslaur, 20 17:04:17 <jdstrand> chrisccoulson: I'll show you the UCT/USN ropes then 17:04:21 <mdeslaur> they grow up so fast 17:04:24 <chrisccoulson> jdstrand, excellent, thanks 17:04:54 <chrisccoulson> i think that's me done 17:05:05 <jdstrand> [TOPIC] Highlighted packages 17:05:08 <jdstrand> The Ubuntu Security team will highlight some community-supported packages that might be good candidates for updating and or triaging. If you would like to help Ubuntu and not sure where to start, this is a great way to do so. 17:05:12 <jdstrand> See https://wiki.ubuntu.com/SecurityTeam/UpdateProcedures for details and if you have any questions, feel free to ask in #ubuntu-security. To find out other ways of helping out, please see https://wiki.ubuntu.com/SecurityTeam/GettingInvolved. 17:05:17 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/strongswan.html 17:05:19 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/proftpd-dfsg.html 17:05:22 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libjboss-cache1-java.html 17:05:25 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/libphp-adodb.html 17:05:28 <jdstrand> http://people.canonical.com/~ubuntu-security/cve/pkg/jenkins-winstone.html 17:05:36 <jdstrand> [TOPIC] Miscellaneous and Questions 17:05:42 <jdstrand> Does anyone have any other questions or items to discuss? 17:06:03 <mdeslaur> is everyone off on monday? 17:06:08 <jdstrand> no 17:06:17 <jdstrand> US is not 17:06:26 <jdstrand> chrisccoulson: are you? 17:06:37 <chrisccoulson> jdstrand, yeah, i think we get friday and monday 17:06:41 <chrisccoulson> i should check though :) 17:06:47 <mdeslaur> ok, I'm off on monday, FYI 17:06:50 <jdstrand> chrisccoulson: yes :) 17:07:49 <jdstrand> mdeslaur, sbeattie, tyhicks, jjohansen, sarnold, chrisccoulson: thanks! 17:07:51 <jdstrand> #endmeeting